Citrix NetScaler VPX Cloud Bridge: Install Walkthrough Part 1/2: Setting Up the Demo Lab

The following lab is going to run through the steps to build a working NetScaler Cloud Bridge demo setup from scratch. The lab aims to demonstrate that a guest machine in Site A on Site A's subnet, can successfully communicate with a machine on Site B's network but with an IP address from Site A's subnet, and vice versa.

1: Prerequisites

i: NetScaler VPX appliance
Presently, the NetScaler VPX Platinum Evaluation is available at and registering for the trial will provide access to downloads for NetScaler VPX on XenServer, VMware, and Hyper-V; and a license code for a 90 day evaluation.
*The following lab used the NetScaler VPX on VMware version 9.3-52.3

ii: 2x NetScaler Platinum Edition License Codes
Applying for the NetScaler VPX Platinum Evaluation twice will provide the two required Platinum Edition License Codes.
*The license keys will be obtained later after obtaining the MAC addresses of the NetScaler VPX appliances.
*Source : Cloud Bridge is also included as part of the larger NetScaler Platinum Edition on either-NetScaler SDX™, MPX™ or VPX™ appliance platforms.

iii: A login for
It is free to register for an account which will later allow for download of license keys for the NetScaler VPX appliances.

iv: A suitable hypervisor
This can be either Citrix XenServer, VMware ESX(i), VMware Workstation 8, or Hyper-V.
The NetScaler VPX Appliances come pre-configured with 2GB, 2 processors, and 20GB disk (about 350MB with thin-provisioning,) and would recommend the hypervisor has at least 6 GB free memory to play with, and 6 GHz available processing power.
*This lab uses VMware Workstation 8 which can open OVF templates (Workstation 7 could not open OVF templates,) and this was running on top of a Windows 7 Workstation with 6 GB memory and an AMD Phenom 9950 Quad-Core 2.6GHz Processor.

iv: 4x Network Segments
More detail in Section B.

v: A router to simulate traversing the internet
*This lab uses a virtual Windows Server 2003 system running Routing and Remote Access.
*To demonstate the Cloud Bridge in action, using a point-to-point type link is not totally sufficient since two NetScalers connected across a point-to-point type link can work as a capable standard bridge without needing Cloud Bridge; hence a router is introduced into this lab setup.

vi: 2x Suitable Endpoints to Test the CloudBridge
Essentially, just something to ping with and reply to ping packets; may be useful to have an internet browser too.
*The following lab uses Windows XP virtual machines

2: The Lab Setup

i: The Networks

Site A (LAN): VMnet1 with Subnet IP, Subnet Mask, Gateway
Site B (LAN): VMnet2 with Subnet IP, Subnet Mask, Gateway
Site A (WAN Side): VMnet3 with Subnet IP, Subnet Mask
Site B (WAN Side): VMnet4 with Subnet IP, Subnet Mask
CloudBridged Network: Subnet IP (or Site A's LAN)
*Note that the VMnet1 and VMnet 2 networks, are configured as "Host-only" networks, and that the "Connect a host virtual adapter to this network" option is ticked for VMnet1 and VMnet2 (this allows the host workstation – which takes an X.X.X.1 IP address – access to the NetScalers' GUI for configuration purposes, and later we can uncheck this option to prove no traffic is travelling via the host.)

ii: The Virtual Machines
Site A:

(Windows XP Workstation A)
NIC1 on VMnet1
> IP

(NetScaler VPX A)
NIC1 on VMnet1 for
NIC2 on VMnet3 for
> IP (for the Cloud Bridge)

The "Internet":

(Windows 2003 Server running Routing and Remote Access)
NIC1 on VMnet3 for
> IP
NIC2 on VMnet4 for
> IP

Site B:

(Windows XP Workstation B)
NIC1 on VMnet2
> IP

(NetScaler VPX B)
NIC1 on VMnet2 for
NIC2 on VMnet4 for
> IP (for the Cloud Bridge)

Additional Notes:
*NSIP = NetScaler Management IP
*SNIP = Subnet IP
*MIP = Mapped IP
*The & addresses are not specifically assigned/configured on NIC2; the NetScaler is intelligent enough to link the routers IP address in its ARP table as being available via NIC2, and – with the addition of a route to traverse the router – knows to send remote 192.168.30/40.X traffic down NIC2 to the router

3: Basic Configuration of the NetScalers
*This section continues from having imported two NetScaler VPX appliances into whatever hypervisor environment is being used; and having configured the networks, endpoints, and router, similarly to the above.

3.1: Basic Configuration
1) Power on NSVPXA
2) Via the console, complete the prompts to configure IPv4 address of, Netmask of, and Gateway of; and then select option 4 and press enter to save the changes.
*To re-run the basic IP setup configuration from CLI, at the > prompt type config ns
3) Using an internet browser; log in to the NetScaler GUI on using the default credentials (User Name = nsroot, Password = nsroot)
Run through the setup wizard > provide the Host Name of NSVPXA, provide the SNIP Address of with Netmask of : Next > Next > Finish > Exit
*The Setup Wizard can be re-initiated at any time via the NetScaler GUI

3.2: Licensing
1) Log in via the console or using SSH (PuTTY), with the default credentials of:
login = nsroot
Password = nsroot
2) At the > prompt type: shell
3) At the root@NSVPXA# prompt type: lmutil lmhostid -ether
- and record the host ID (MAC address) from the output
root@NSVXPA# lmutil lmhostid -ether
lmutil - Copyright (c) 1989-2007 Macrovision Europe Ltd. and/or Macrovision Corporation. All Rights Reserved.
The FLEXnet host ID of this machine is "000c29c00fe5"
4) Go to and log in choosing the destination "Licensing Management," and obtain the license file (Allocate -> Don't see your product? > Enter license code : Continue > Host Name Warning : Continue > Enter Host ID : Continue > Confirm > OK to download the .lic file)
5) Use WinSCP or similar to copy the .lic file to the NetScaler's /nsconfig/license folder
6) At the root@NSVPXA# prompt, type: exit
*to get back to the > prompt
7) At the > prompt type: save ns config
8) At the > prompt type: shutdown -r now
- and type Y at the prompt for "Are you sure ... ?", then press enter
9) After the restart, log in via the console or using SSH
10) At the > prompt type: enable ns feature CloudBridge
11) At the > prompt type: enable ns mode l2
12) At the > prompt type: save ns config



  1. Very nice staff :) Still, I was not able to make it work. Isnt it possible that there are some mistakes? E.g. shouldnt wxpwsb's IP be and nsvpxb's SNIP That would make more sense. I also do not really understand the routes.

    1. Hello Anonymous. WXPWSB's IP is correct as we are stretching the 10.10.10.X LAN from Site A. I'd recommend running through the material at: for more information.


Post a Comment