Release Notes for 9.3 Enhancement Releases

Support for Binding LACP Channels to NSVLAN

Support for Byte Mobile T1100-16 Hardware

Support for 1G Copper SFP Transceivers and DAC Cables

• Issue ID 0344262: 1G copper SFP transceivers are now supported on the ixgbe (ix) interfaces. These transceivers are hot-swappable on this interface. However, fiber SFP transceivers are not supported.

  The following SFP+ and SFP transceivers, and direct access cables, are supported:

  • Intel fiber SFP+: "FTLX8571D3BCV-IT"
  • Intel fiber SFP+: "FTLX8571D3BCV-I3"
  • Finisar fiber SFP+: "FTLX8571D3BCV"
  • Intel fiber SFP+ (LR): "FTLX1471D3BCV-IT"
  • Finisar fiber SFP+ (LR): "FTLX1471D3BCV "
  • Finisar copper SFP: "FCLF-8521-3"
  • Avago copper SFP: "ABCU-5710RZ"
  • Methode DAC cable: "DM-255-100 "
  • Methode DAC cable: "DM-255-300 "
  • Methode DAC cable: "DM-255-500 "
  Note:

  • Only 10G ports support DAC cables.
  • Fiber SFPs are not supported.

Load Balancing

Networking

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'client.tcp.payload(n)', and a request is received in multiple parts such that there is a delay between the parts and a FIN is sent from client before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the "show lb persistentSessions" CLI command does not display the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as being the value of netmasks that you have set to 255.255.255.255. However, the netmask is stored correctly, and the functionality is not affected.
• Issue ID 0320963: For a policy with action, the stateupdate option returns incorrect CS virtual server state information. The stateupdate option determines the state based on the state of LB virtual server attached to the CS virtual server but in case of a policy with action the LB virtual server is determined at the run time using the action expression and hence the state returned is always returned as down.
• Issue ID 0320958: CS policies with action do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for CSW PI policies (configured with action or without action) bound to CS virtual server. Use show cs policy command to display hits for policies configured with or without action.
• Issue ID 0334277: If you configure a transparent sessionless load balancing virtual server and set the redirection mode to MAC, the virtual server does not process traffic.

  Workaround: Configure an appropriate listen policy on the virtual server.

System

• Issue ID 0274802: In a high availability setup, if a route monitor is added within the RTST expiry time, the RTST timer restarts. Therefore, if a new route monitors is added within the RTST expiry time, the RTST timer might not expire, and that might prevent failover.

Stateful Connection Failover for Layer 3 DSR that uses IP Tunneling

• Issue ID 0348302: Stateful connection failover is now supported on Layer 3 Direct Server Return (DSR) configuration that uses IP tunneling.

  Connection failover helps prevent disruption of access to applications deployed in a distributed environment. In a NetScaler High Availability (HA) setup, connection failover (or connection mirroring-CM) refers to keeping active an established TCP or UDP connection when a failover occurs.

  In stateful failover, to maintain current information about the mirrored connections, the primary appliance sends messages to the secondary appliance. The secondary appliance maintains the data related to the packets but uses it only in the event of a failover. If a failover occurs, the new primary (old secondary) appliance starts using the stored data about the mirrored connections and accepting traffic.

Networking

System

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'client.tcp.payload(n)', and a request is received in multiple parts such that there is a delay between the parts and a FIN is sent from client before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the "show lb persistentSessions" CLI command does not display the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as being the value of netmasks that you have set to 255.255.255.255. However, the netmask is stored correctly, and the functionality is not affected.
• Issue ID 0320963: For a policy with action, the stateupdate option returns incorrect CS virtual server state information. The stateupdate option determines the state based on the state of LB virtual server attached to the CS virtual server but in case of a policy with action the LB virtual server is determined at the run time using the action expression and hence the state returned is always returned as down.
• Issue ID 0320958: CS policies with action do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for CSW PI policies (configured with action or without action) bound to CS virtual server. Use show cs policy command to display hits for policies configured with or without action.
• Issue ID 0334277: If you configure a transparent sessionless load balancing virtual server and set the redirection mode to MAC, the virtual server does not process traffic.

  Workaround: Configure an appropriate listen policy on the virtual server.

System

• Issue ID 0274802: In a high availability setup, if a route monitor is added within the RTST expiry time, the RTST timer restarts. Therefore, if a new route monitors is added within the RTST expiry time, the RTST timer might not expire, and that might prevent failover.

Optimizing Receive Side Scaling for Symmetric Flow

Policies

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'client.tcp.payload(n)', and a request is received in multiple parts such that there is a delay between the parts and a FIN is sent from client before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the "show lb persistentSessions" CLI command does not display the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as being the value of netmasks that you have set to 255.255.255.255. However, the netmask is stored correctly, and the functionality is not affected.
• Issue ID 0320963: For a policy with action, the stateupdate option returns incorrect CS virtual server state information. The stateupdate option determines the state based on the state of LB virtual server attached to the CS virtual server but in case of a policy with action the LB virtual server is determined at the run time using the action expression and hence the state returned is always returned as down.
• Issue ID 0320958: CS policies with action do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for CSW PI policies (configured with action or without action) bound to CS virtual server. Use show cs policy command to display hits for policies configured with or without action.
• Issue ID 0334277: If you configure a transparent sessionless load balancing virtual server and set the redirection mode to MAC, the virtual server does not process traffic.

  Workaround: Configure an appropriate listen policy on the virtual server.

System

• Issue ID 0274802: In a high availability setup, if a route monitor is added within the RTST expiry time, the RTST timer restarts. Therefore, if a new route monitors is added within the RTST expiry time, the RTST timer might not expire, and that might prevent failover.

Allowing L2 Mode on a NetScaler Instance

• Issue IDs 0274172 and 0274497: A supplemental software pack supports L2 mode on NetScaler SDX appliances running XenServer 6.0. To upgrade to XenServer 6.0, see the Citrix NetScaler SDX Administration Guide. To install the supplemental software pack, see http://support.citrix.com/article/ctx132877.

  In Layer 2 (L2) mode, a NetScaler instance acts as a learning bridge and forwards all packets for which it is not the destination. With L2 mode enabled, the instance can receive and forward packets for MAC addresses other than its own MAC address. However, if a user wants to enable L2 mode on a NetScaler instance running on an SDX appliance, the administrator must first allow L2 mode on that instance. If you allow L2 mode, you must take precautions to avoid bridging loops. For more information about these precautions, see the Citrix NetScaler SDX Administration Guide.

Configuring VMACs on an Interface

• Issue IDs 0274175 and 0274498: You can now configure VMACs on an interface assigned to an instance on the NetScaler SDX appliance. A NetScaler instance uses Virtual MACs (VMACs) for high availability (active-active or active-standby) configurations. A Virtual MAC address (VMAC) is a floating entity shared by the primary and the secondary nodes in a high availability setup. You must be careful when configuring VMACs. For more information, see the Citrix NetScaler SDX Administration Guide.

Controlling the L2 Conn Behavior of Load Balancing Virtual Servers

• Issue IDs 0339846 and 0342151: The set l4 parameter command has a new parameter, l2connMethod, for specifying the MAC address, channel number, and VLAN ID attributes for the L2 Conn option behavior in a virtual server.

  For a load balancing virtual server with L2 Conn enabled and l2connMethod parameter of the set l4 parameter command is set to Channel or Vlan or VlanChannel, a client MAC address change no longer causes the NetScaler appliance to create a new session entry. Instead, the appliance updates the existing session entry with the new MAC address. This update resolves issues (especially with MBF) that were caused by the appliance using the old session entry instead of the new one.

Support for Binding LA Channels to NSVLAN

• Issue ID 21395/0195111: Users can now bind link aggregation channels to the NSVLAN (VLAN to which the NetScaler management IP (NSIP) address's subnet is bound) by using the 'set nsconfig' command.

Domain Name System

• Issue ID 0318199: If core memory is not available when the NetScaler appliance is processing an RRSIG record received in a response, the appliance fails.

Load Balancing

• Issue ID 0342151: For a load balancing virtual server with L2 conn enabled and l2connMethod parameter of the set l4 parameter command is set to Channel or Vlan or VlanChannel, a client MAC address change no longer causes the NetScaler appliance to create a new PCB/NATPCB entry. Instead, the appliance updates the existing PCB/NATPCB entry with the new MAC address. This update resolves issues (especially with MBF) that were caused by the appliance using the old PCB/NATPCB entry instead of the new one.

Networking

• Issue ID 0340259: In a High Availability setup, the static ARP entry for a peer node will be deleted if a 'partial fail' mode is triggered.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'client.tcp.payload(n)', and a request is received in multiple parts such that there is a delay between the parts and a FIN is sent from client before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the "show lb persistentSessions" CLI command does not display the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as being the value of netmasks that you have set to 255.255.255.255. However, the netmask is stored correctly, and the functionality is not affected.
• Issue ID 0320963: For a policy with action, the stateupdate option returns incorrect CS virtual server state information. The stateupdate option determines the state based on the state of LB virtual server attached to the CS virtual server but in case of a policy with action the LB virtual server is determined at the run time using the action expression and hence the state returned is always returned as down.
• Issue ID 0320958: CS policies with action do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for CSW PI policies (configured with action or without action) bound to CS virtual server. Use show cs policy command to display hits for policies configured with or without action.
• Issue ID 0334277: If you configure a transparent sessionless load balancing virtual server and set the redirection mode to MAC, the virtual server does not process traffic.

  Workaround: Configure an appropriate listen policy on the virtual server.

System

• Issue ID 0274802: In a high availability setup, if a route monitor is added within the RTST expiry time, the RTST timer restarts. Therefore, if a new route monitors is added within the RTST expiry time, the RTST timer might not expire, and that might prevent failover.

Configuring SSL Close-notify at the Entity Level

Issue ID 0257122: The close-notify parameter setting for an entity no longer has to be inherited from the global settings. You can set the close-notify parameter at the entity (virtual server, service, or service group) level. This enhancement provides the flexibility to set this parameter for one entity and unset it for another entity. However, make sure that you set this parameter at the global level. Otherwise, the setting at the entity level does not apply.

For more information, see Configuring Close-Notify.

Multiple-Firewall Environment Support

Issue ID 0243576: The firewall load balancing feature allows you to load-balance traffic coming from another firewall in a multiple-firewall environment. Having firewall load balancing enabled on both the sides of NetScaler improves the traffic flow in both the egress and ingress direction and ensures faster processing of the traffic. By default, the traffic coming from a firewall is not load balanced on the other firewall across a NetScaler.

For more information, see Multiple-Firewall Environment.

Limiting Failovers Caused by Route Monitors in HA in non-INC mode

Issue ID 0332990: In an HA configuration in non-INC mode, if route monitors fail on both the nodes, failover happens every 180 seconds till one of the nodes is able to reach all the routes monitored by the respective route monitors.

Now, for a node, you can limit the number of failovers for a given interval by setting the Maximum Number of Flips and Maximum Flip Time parameters. When the limit is reached, further failovers do not happen and the node is assigned as primary even if any route monitor fails on that node. These parameters settings are set independently on each node and therefore are neither propagated nor synchronized.

For more information, see Limiting Failovers Caused by Route Monitors in non-INC mode.

Global Server Load Balancing

• Issue ID 93051/0252048: When a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. If source IP persistence is set on both the primary and backup GSLB virtual servers, and the core that receives the request is not the owner of the source IP persistence entry, the appliance fails when it attempts to make the GSLB decision.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'client.tcp.payload(n)', and a request is received in multiple parts such that there is a delay between the parts and a FIN is sent from client before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the "show lb persistentSessions" CLI command does not display the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as being the value of netmasks that you have set to 255.255.255.255. However, the netmask is stored correctly, and the functionality is not affected.
• Issue ID 0320963: For a policy with action, the stateupdate option returns incorrect CS virtual server state information. The stateupdate option determines the state based on the state of LB virtual server attached to the CS virtual server but in case of a policy with action the LB virtual server is determined at the run time using the action expression and hence the state returned is always returned as down.
• Issue ID 0320958: CS policies with action do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for CSW PI policies (configured with action or without action) bound to CS virtual server. Use show cs policy command to display hits for policies configured with or without action.
• Issue ID 0334277: If you configure a transparent sessionless load balancing virtual server and set the redirection mode to MAC, the virtual server does not process traffic.

  Workaround: Configure an appropriate listen policy on the virtual server.

Dynamic Content Switching Load Balancing Virtual Server Selection

• Issue ID 0248750: The NetScaler appliance now supports the dynamic selection of a load balancing virtual server. The load balancing virtual server is identified at run time by an expression in the content switching action.

Configuring SourceIP for AppFlow Traffic

• Issue ID 0288343: You can now specify the source IP address (SNIP or MIP address) to be used for AppFlow traffic. When you add an Appflow collector by using the add appflow collector command, you can use the -netprofile parameter to associate a net profile to which the source IP address is bound. If you do not set the –netprofile parameter, the Appflow exporter uses the NSIP address as the source IP address.

  > add appflow collector <col_name> -IPAddress <IP_addr>  [-netprofile {netprofile_name}]

Load Balancing

• Issue ID 0320961: The NetScaler appliance does not support parameter modification for policies configured with an action.

Global Server Load Balancing

• Issue ID 93051/0252048: If a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. If source IP persistence is set on both the primary and backup GSLB virtual servers, and the core that receives the request is not the owner of the source IP persistence entry, the appliance fails when it attempts to make the GSLB decision.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'CLIENT.TCP.PAYLOAD(n)', and a request is received in multiple parts, with some delay between the parts, and the client sends a FIN before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the output of the "show lb persistentSessions" CLI command does not include the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as the value of any netmask that you have set to 255.255.255.255. However, the mask is stored correctly, and its functionality is not affected.
• Issue ID 0320963: For a policy with an action, the stateupdate option returns incorrect content switching virtual server state information. The stateupdate option bases its determination on the state of LB virtual server attached to the content switching virtual server. Therefore, in this case, the state is always returned as DOWN, because the action expression does not determine the load balancing virtual server until run time.
• Issue ID 0320958: Content switching policies with actions do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for default-syntax content swithing policies (configured with or without actions) bound to content switching virtual servers. Use the show cs policy command to display hits for content switching policies.

Dynamic Content Switching Load Balancing Virtual Server Selection

• Issue ID 0248750: The NetScaler appliance now supports the dynamic selection of a load balancing virtual server. The load balancing virtual server is identified at run time by an expression in the content switching action.

Global Server Load Balancing

• Issue ID 93051/0252048: If a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. If source IP persistence is set on both the primary and backup GSLB virtual servers, and the core that receives the request is not the owner of the source IP persistence entry, the appliance fails when it attempts to make the GSLB decision.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'CLIENT.TCP.PAYLOAD(n)', and a request is received in multiple parts, with some delay between the parts, and the client sends a FIN before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the output of the "show lb persistentSessions" CLI command does not include the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as the value of any netmask that you have set to 255.255.255.255. However, the mask is stored correctly, and its functionality is not affected.
• Issue ID 0320961: The NetScaler appliance does not support parameter modification for policies configured with an action.
• Issue ID 0320963: For a policy with an action, the stateupdate option returns incorrect content switching virtual server state information. The stateupdate option bases its determination on the state of LB virtual server attached to the content switching virtual server. Therefore, in this case, the state is always returned as DOWN, because the action expression does not determine the load balancing virtual server until run time.
• Issue ID 0320958: Content switching policies with actions do not support SNMP.
• Issue ID 0320951: The show cs vserver command displays hits as zero for default-syntax content swithing policies (configured with or without actions) bound to content switching virtual servers. Use the show cs policy command to display hits for content switching policies.

AES cipher support on SSLv3 protocol

Logging out of a AAA-TM Session

To put the logout action into effect, associate it with a policy and bind the policy to Global or an appropriate bind point.

Managing Services and Service Groups from Command Center

From the Monitoring tab of the Command Center client, you can now enable or disable services bound to a service group that was created by using server names instead of IP addresses.

Using Semicolons as a Delimiter for URL Parameters

Application Firewall

• Issue IDs 0305296 and 0307266: If a profile has the "Allow Semi-colon Form Field separator" option selected, or the NetScaler command line option "-semicolonFieldSeparator ON" set, a web form that uses the GET method might be blocked. To work around this issue, disable this option.

Global Server Load Balancing

• Issue ID 93051/0252048: If a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. If source IP persistence is set on both the primary and backup GSLB virtual servers, and the core that receives the request is not the owner of the source IP persistence entry, the appliance fails when it attempts to make the GSLB decision.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'CLIENT.TCP.PAYLOAD(n)', and a request is received in multiple parts, with some delay between the parts, and the client sends a FIN before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the output of the "show lb persistentSessions" CLI command does not include the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as the value of any netmask that you have set to 255.255.255.255. However, the mask is stored correctly, and its functionality is not affected.

Connection Mirroring Support for Layer 2 Connection Parameters

Support for Clearing a Specific Persistence Session

You can specify a persistence parameter in the "clear lb persistentSessions" command to clear the persistence session associated with only that parameter. Following is the command synopsis for clearing the session associated with a specific persistence parameter: clear lb persistentSessions [<vServer> [-persistenceParam <string>]] In the command, "persistenceParam" is the persistence parameter whose session you want to clear. For more information about clearing persistence sessions, see "Clearing Persistence Sessions" in the "Load Balancing" chapter of the Citrix NetScaler Traffic Management Guide for release 9.3.e.

Support for Overriding Persistence for Overloaded Services

When a service is loaded or is otherwise unavailable, service to clients is degraded. To work around this situation, you might have to configure the NetScaler appliance to temporarily forward to other services the requests that would otherwise be included in the persistence session that is associated with the overloaded service. In other words, you might have to override the persistence setting that is configured for the load balancing virtual server until the service returns to a state in which it can accept requests. You can achieve this functionality by binding a load monitor to the virtual server and setting the “skippersistency” parameter for the virtual server. For more information about overriding persistence for an overloaded service, see “Overriding Persistence Settings for Overloaded Services” in the “Load Balancing” chapter of the Citrix NetScaler Traffic Management Guide for release 9.3.e.

Wizard for Setting Up Branch Repeater Load Balancing

Terminating Established Connections that Match Simple ACLs

Configuring Clock Synchronization on the NetScaler SDX Appliance

You can now configure your NetScaler SDX appliance to synchronize its local clock with a Network Time Protocol (NTP) server. As a result, the clock on the SDX appliance has the same date and time settings as the other servers on your network. The clock synchronization configuration does not change if the appliance is restarted, upgraded, or downgraded. However, the configuration does not get propagated to the secondary NetScaler instance in a high availability setup.

Installing an SSL Certificate on the NetScaler SDX Appliance

You can now replace the default certificate that is shipped with the NetScaler SDX appliance with your own certificate. Installing an SSL certificate terminates all current client connections with the Management Service, so you have to log back on to the Management Service for any additional configuration tasks.

Single Sign-On to the Management Service and the NetScaler Instances on the NetScaler SDX Appliance

Logging on to the Management Service on a NetScaler SDX Appliance gives you direct access to the NetScaler instances that are provisioned on the appliance, if you upgrade the Management Service and the NetScaler instances to this build. After providing your user credentials to log on to the Management Service, you do not have to provide the user credentials again for logging on to an instance. By default, the Timeout value is set to 30 minutes and the configuration tab opens in a new browser window.

Upgrading the XenServer Software on the NetScaler SDX Appliance

You can now upgrade to the latest version of the XenServer software. The upgrade process can take up to 20 minutes. Before upgrading the software, upload the ISO image files to the appliance. For more information, see the NetScaler SDX Administration Guide at http://support.citrix.com/article/CTX130065.

Application Firewall

• Issue ID 0285648: With sessionless form field consistency enabled, when a web form's digest is corrupted and sent to a user, and the user submits the form back to the application firewall, the application firewall may crash.

Monitoring

• Issue ID 0282876 (nCore and nCore VPX): Address Resolution Protocol(ARP) monitors do not update the Layer 2 parameters in the server information on non-master cores.

Networking

• Issue ID 90094/0249449: Timeouts set for the anyClient and anyServer parameters of the set timeout command now also apply to the client and server transparent NAT sessions.

System

• Issue ID 0278806 (nCore): If a 10G ixgbe interface is reset, the hardware controller RX logic can possibly write to the data area of a NetScaler packet buffer (NSB) after it has been returned to the NSB free pool. This can result in NSB corruption. Interface reset can be triggered by various events, including changing flow control settings with the "set interface" command.
• Issue ID 0290271 (nCore): If a 1G e1k interface is reset, the hardware controller RX logic can possibly write to the data area of a NetScaler packet buffer (NSB) after it has been returned to the NSB free pool. This can result in NSB corruption. Interface reset can be triggered by various events, including changing flow control settings with the "set interface" command.

Global Server Load Balancing

• Issue ID 93051/0252048: If a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. If source IP persistence is set on both the primary and backup GSLB virtual servers, and the core that receives the request is not the owner of the source IP persistence entry, the appliance fails when it attempts to make the GSLB decision.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'CLIENT.TCP.PAYLOAD(n)', and a request is received in multiple parts, with some delay between the parts, and the client sends a FIN before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the output of the "show lb persistentSessions" CLI command does not include the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.
• Issue ID 0272268 (nCore and nCore VPX): The Load Balancing Wizard for Citrix Branch Repeater allows you to create multiple branches with the same subnet value.
• Issue ID 0300562 (nCore and nCore VPX): The Data Center Server Subnets screen of the Load Balancing Wizard for Citrix Branch Repeater displays an asterisk (*) as the value of any netmask that you have set to 255.255.255.255. However, the mask is stored correctly, and its functionality is not affected.

Cloud Bridge

• Req ID 0270815: The configuration utility now includes a wizard that helps you to easily configure a cloud bridge between a NetScaler appliance on any network and NetScaler VPX instances on the SOFTLAYER enterprise cloud.

  For more information, see the Cloud Bridge chapter of the Citrix NetScaler Networking Guide, available at http://support.citrix.com/article/CTX130085.

• Req ID 0262566: The following statistical counters have been introduced for IPSEC tunnels:
  • Bytes Received
  • Bytes Sent
  • Packets Received
  • Packets Sent

  For more information, see the man page for the 'stat IPSEC counters' command.

• Req ID 0261540: For an IPSEC tunnel, the NetScaler appliance now performs the standard IKEv2 liveliness check on the peer at a regular interval, which is user configurable. After performing the check, the appliance displays the status of the tunnel as UP or DOWN.
• Req ID 0258969: By using the configuration utility, you can now configure a cloud bridge between a NetScaler appliance on any network and NetScaler VPX instances on the COTENDO enterprise cloud.

Networking

• Req ID 84792/0245142: In a High Availability (HA) configuration, you can now create route monitors in non-INC mode. Route monitors are propagated and get synchronized only in the non-INC mode. Route monitors are useful in a non-INC mode HA configuration in whichyou want the non-reachability of a gateway from a primary node to be one of the conditions for HA failover.

  For more information, see the "Configuring Route Monitors" section in the High Availability chapter of the Citrix NetScaler Networking Guide, available at http://support.citrix.com/article/CTX130085.

• Req ID 0262405: You can now configure the NetScaler appliance to respond or not respond to ARP requests for a Virtual IP (VIP) address on the basis of the state of the virtual servers associated with that VIP.

  For more information, see the "Configuring ARP Response Suppression for Virtual IP addresses (VIPs)" section in the IP Addressing chapter of the Citrix NetScaler Networking Guide, available at http://support.citrix.com/article/CTX130085.

• Req ID 94655/0258893: You can now bind a NetScaler owned SNIP address to an interface without using Layer 3 VLANs. Any packets related to the SNIP address will go only through the bound interface.

  For more information, see the "Binding an NetScaler Owned IP address to an Interface" section in the Interface chapter of the Citrix NetScaler Networking Guide, available at http://support.citrix.com/article/CTX130085.

Networking

• Issue IDs 94162/0257992 and 0262493: For a connection from a virtual server to the bound server, the NetScaler appliance uses the SNIP address instead of the net profile IP addresses configured for the virtual server.

Configuration Utility

• Issue ID 0269486: In a High availability (HA) configuration, the configuration utility does not display the route monitors configured on the NetScaler appliances. Also, when a route monitor is configured to monitor a default route, the configuration utility displays the secondary node's IP address as 0.0.0.0.

System

• Issue ID 93475/0257369: When the NetScaler appliance releases memory for a data structure, which is used for tracking NAT info, an associated field related to net bridge configuration fails to get released. When the server side connection picks the same data structure, the appliance sends data on a bridge, which is not configured. This leads to memory leak.
• Issue ID 94442/0258246 and 93593/0257475: When device name length exceeds 256 characters, then the length stored is truncated. However, the NetScaler appliance allocates more memory to store the device name and while releasing the memory, the appliance releases less memory than the extended. This leads to memory leak.

High Availability

• Issue ID 92866/0251883: In an HA configuration in non-inc mode, the config sync operation does not sync the bind Routemonitor command to the secondary appliance.
• Issue ID 93068/0252065: In an HA configuration in non-inc mode, when the configuration is cleared by the clear config command or as part of a config sync operation, route monitors are modified but no health check is done. Therefore, node state is not updated properly.

Global Server Load Balancing

• Issue ID 93051/0252048: If a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. The appliance fails when making this GSLB decision if source IP persistence is set on both the primary and backup GSLB virtual servers and if the core that receives the request is not the owner of the source IP persistence entry.

Load Balancing

• Issue ID 90395/0249705: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'CLIENT.TCP.PAYLOAD(n)', and a request is received in multiple parts, with some delay between the parts, and the client sends a FIN before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the output of the "show lb persistentSessions" CLI command does not include the persistence parameter.
• Issue ID 91711/0250846: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.

Sessionless Field Consistency

With the sessionless Field Consistency Check feature, the application firewall does not store web forms in memory. Instead, it adds a hidden form field named as_ffc_field to each form before forwarding it to the client. When the client submits the form, the application firewall extracts as_ffc_field and compares it to the remaining form to establish field consistency.

By default, sessionless Field Consistency is disabled. The following CLI commands configure sessionless Field Consistency:

add appfw profile <name> -sessionlessFieldConsistency (ON|OFF|postOnly)

set appfw profile <name> -sessionlessFieldConsistency (ON|OFF|postOnly)

Virtual Server - Options of Response to PING

You can now configure the NetScaler appliance not to respond to a ping message if the virtual server is DOWN. This option is available for load balancing, content switching, cache redirection, and VPN virtual servers. It can be set at the IP-address level or the virtual-server level. By default, the appliance responds to a ping message even if one or more virtual servers are DOWN. The option functions as described below:

This option can be set on an IP address only if it is a VIP address.

CLI commands:

set ip <IPAddress> -icmpresponse (NONE | ONE_VSERVER | ALL_VSERVERS | VSVR_CNTRLD)

set lb vserver <name> -icmpVsrResponse (PASSIVE | ACTIVE)

You can replace lb with cs, cr or vpn.

GUI:

Create/Configure IP dialog box: The ICMP Response dropdown list

Create/Configure Virtual Server>>Advanced tab: The ICMP VServer Response dropdown list

Denying Nonsecure SSL Renegotiation

SSL and TLS renegotiations are vulnerable to an MITM attack that injects its own content as a prefix to a TLS connection. A new option addresses this vulnerability. If you specify NONSECURE as the value of the denySSLReneg parameter in the "set ssl parameter" command, any nonsecure renegotiations are denied. For more information about this attack, see RFC 5746. For more information about setting this parameter, see "Configuring Advanced SSL Settings" in the "SSL Offload and Acceleration" chapter of the Citrix NetScaler Traffic Management Guide at http://support.citrix.com/article/CTX130084.

Rule Based Persistence Support for Load Balancing Virtual Servers of Type TCP and SSL_TCP

You can now configure a rule to define persistence criteria for load balancing virtual servers of type TCP and SSL_TCP. The persistence criteria can be based on TCP/IP protocol data, Layer 2 data, TCP options, and TCP payloads (even if the protocol that is encapsulated in the TCP payload is not HTTP). In the "add lb vserver" or "set lb vserver" CLI command, set the "persistenceType" parameter to "RULE," and then configure a rule for the rule parameter. You can define rules to configure persistence based on source and destination ports, source and destination IP addresses and IP octets, source and destination MAC addresses, VLAN IDs, payload content, and so on. Following are examples of expressions that you can use to define persistence criteria:

Following is an example of a command that you can use to configure rule based persistence based on the destination IP address in the client request: add lb vserver mylbvserver SSL_TCP 192.0.2.0 443 -persistenceType RULE -rule CLIENT.IP.DST.

You cannot set the "resRule" parameter for load balancing virtual servers of type TCP or SSL_TCP.

For more information, see the "Load Balancing" chapter of the Citrix NetScaler Traffic Management Guide at http://support.citrix.com/article/CTX130084, which includes a section titled "Configuring Persistence Based on User-Defined Rules." The chapter also has a "Use Cases" section, in which "Configuring Rule Based Persistence Based on a Name-Value Pair in a TCP Byte Stream" describes how to configure rule based persistence for servers that communicate Financial Information eXchange (FIX) protocol data over TCP.

Global Server Load Balancing

• Issue ID 93051: If a load balancing virtual server that is a part of a GSLB configuration is down and receives a client request, the NetScaler appliance makes a GSLB decision and attempts an HTTP redirect or a connection proxy to a GSLB site that is UP and healthy. The appliance fails when making this GSLB decision if source IP persistence is set on both the primary and backup GSLB virtual servers and if the core that receives the request is not the owner of the source IP persistence entry.

Load Balancing

• Issue ID 90395: If the rule that is used for creating rule based persistence sessions is a compound expression, the "show lb persistentSessions" CLI command displays an internal representation of the persistence parameter instead of the actual persistence parameter.
• Issue ID 90875/0250110: On a TCP load balancing virtual server, if persistence is defined with the rule 'CLIENT.TCP.PAYLOAD(n)', and a request is received in multiple parts, with some delay between the parts, and the client sends a FIN before the expected number of bytes (n), the NetScaler appliance creates an undesired session with the received number of bytes (which is less than n).
• Issue ID 91672/0250820: If the token that is used for creating rule based persistence sessions is larger than 100 MB, the output of the "show lb persistentSessions" CLI command does not include the persistence parameter.
• Issue ID 91711: If the string (or "token") that is used for creating rule based persistence sessions for load balancing virtual servers is larger than 64 KB, the NetScaler appliance fails to create persistence sessions. For example, the appliance fails to create persistence sessions with the rule CLIENT.TCP.PAYLOAD(70000) because the token that is used is larger than 64 KB. However, the appliance creates persistence sessions successfully with a rule such as CLIENT.TCP.PAYLOAD(70000). BEFORE_STR("string2").AFTER_STR("string1") if the string that is enclosed by "string1" and "string2" is not larger than 64 KB.

Content Switching

When you run the 'show cs vserver' command, you can now view the content switching policies associated with the virtual server in the order of the priority of the policies rather than by the chronological order in which they are bound.

This enhancement can help you know the order in which the content switching polices are applied and, therefore, understand how client requests are routed. The configuration utility also shows the content switching policies in the order of their priority.

For more information, see the "Viewing the Properties of Content Switching Virtual Servers" section in the Content Switching chapter of the Citrix NetScaler Traffic Management Guide, available at http://support.citrix.com/article/CTX128670.

Networking

You can now enable a NetScaler appliance to forward all the ICMP fragments of an ICMP echo request, destined to a network device, and the ICMP fragments of the corresponding echo response.

One example of the usefulness of this enhancement involves a NetScaler appliance and a Windows 2000 Server.

The Windows 2000 server sends an ICMP request of size 2048 for slow link detection. The NetScaler appliance successfully forwards the ICMP fragments of the ICMP request to the destination network device, and the ICMP fragments of the ICMP response from the network device to the Windows 2000 server.

Surge Protection

If you want to flush the surge queue of a service, service group, or a load balancing or content switching virtual server, now you do not need to disable the NetScaler entity. With this enhancement, you can manage the traffic in surge conditions without affecting the existing traffic.

Options are added to the command line interface and configuration utility to flush a surge queue. Flushing a surge queue does not affect the existing connections. Only the requests present in the surge queue get deleted. For those requests, the client has to make a fresh request.

When you flush the surge queue of a virtual server, the surge queues of all the services and service groups bound to it are flushed. When you flush the surge queue of a service group, surge queues of all its members are flushed. You can flush the surge queue of one or more members of a service group without flushing the surge queues of all its members. You can flush the surge queue of a specific service.

In the configuration utility, when you select an entity the 'Flush Surge Queue' option is available in the action pane. In the command line interface 'flush ns surgeQ' option is added with necessary options.

For more information, see the "Flushing the Surge Queue" section in the Load Balancing chapter of the Citrix NetScaler Traffic Management Guide, available at http://support.citrix.com/article/CTX128670.

High Availability

• Issue ID 92866: In an HA configuration in non-inc mode, the config sync operation does not sync the 'bind Routemonitor' command to the secondary appliance.
• Issue ID 93068: In an HA configuration in non-inc mode, when the configuration is cleared by the clear config command or as part of a config sync operation, route monitors aremodified but no health check is done. Therefore, node state is not updated properly.

Networking (Req ID 76605)

You can now create a rule that creates an entry, called a forwarding session entry, on the NetScaler appliance for traffic that originates from a particular network and is forwarded by the appliance. Such a rule is useful in cases where the NetScaler appliance forwards a client request to a server and the response from the server needs to traverse back through the same path as the client request. For more information, see the "Configuring Forwarding Session Rule" section in the Citrix NetScaler Networking Guide, available at http://support.citrix.com/article/CTX130085.

Load Balancing (Req ID 80657)

You can specify an IP address to be used by the NetScaler appliance as the source IP address for communication with the physical servers and peer devices. You can create IP sets, which are sets of IP addresses. You can create net profiles, which have an IP address or an IP Set, and bind a net profile to a service, service group, load balancing virtual server, or monitor. The appliance uses the IP address specified in the net profile as the source IP address. For more information, see the "Using a Specified Source IP for Backend Communication" section in the in the Citrix NetScaler Traffic Management Guide, available at http://support.citrix.com/article/CTX130084.

Load Balancing (Req ID 85661)

When adding or modifying a service, you can now specify a string as a server ID. The string can have up to 47 characters and contain alphanumeric characters and dashes.

In the command line interface use the -customServerId <string> parameter instead of -serverId <positive integer>, which is being deprecated.

Example: set service SE_WEB_SVR1 -customServerId 4324-7658-fer9-4324.

For more information, in Citrix eDocs, see NetScaler > NetScaler 9.3 > Load Balancing > Customizing a Load Balancing Configuration > Persistence and Persistence Connections > Custom Server ID Persistence.