The Citrix Netscaler has an interesting property that embeds information in the TCP packet that gets sent to the host. This property is echoed back to the Netscaler in such a way that the Netscaler can use this to determine which Virtual Server, host, and route this must take.

The ability to echo proprietary information to a host has interesting applications.

  • How does the Citrix Netscaler achieve this (where does it stuff the bits), and what other locations in the packet can the Netscaler (or similar device) theoretically stuff data?

  • What devices will (or will not) allow this custom data to pass through untouched?

makerofthings7
  • The NetScaler does what exactly? To my best knowledge, it is mostly a (reverse) proxy server with support for Citrix remoting protocols. – the-wabbit Mar 22 '13 at 23:02
  • Wireshark has the ability to decode this information. In there is the Virtual Server ID, among other things. This is most useful when using "source routing" and setting the web server's default GW to the SNIP of the NS. – makerofthings7 Mar 22 '13 at 23:06
  • Could you paste a sample packet to http://cloudshark.org and link it here? I still can't spot what you are asking for. – the-wabbit Mar 22 '13 at 23:12
  • [Yahoo L3DSR](https://github.com/yahoo/l3dsr) also works similarly: they encode extra information in the DSCP field of the IP header, which their kernel module decodes. – abbe Mar 24 '13 at 14:11
  • What is the host you talk about? If it is the realserver behind the Netscaler why would it need to echo information back? The answer will be sent back to the original sender by the Netscaler. Please elaborate more on the setup. Please paste a pcap with the packets if possible. – Sebastian Wiesinger Apr 05 '13 at 20:44

1 Answer

Most likely they are using the ToS header (DSCP). It will allow for six bits of information to be stored in the header and most often devices won't take any action based on what's stored there [especially end-users].

All devices allow ToS through as it is part of the standard IPv4 header.

Dave
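
Whether a given device leaves the six DSCP bits alone can be checked by capturing the same packet on both sides of it and comparing the ToS byte. The following is an added example, not part of the original answer and not Citrix or Yahoo code; the header bytes are constructed, the addresses are documentation ranges, and all function names are hypothetical.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(dscp: int, ecn: int = 0, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (TCP, 192.0.2.10 -> 198.51.100.20)."""
    tos = ((dscp & 0x3F) << 2) | (ecn & 0x03)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0x1234, 0x4000, ttl, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    # Fill in the checksum field (bytes 10-11), which was packed as zero.
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_tos(header: bytes) -> dict:
    """Split byte 1 of the IPv4 header into DSCP (high 6 bits) and ECN (low 2)."""
    version, ihl = header[0] >> 4, (header[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    # A valid header sums to 0xFFFF, so the complemented sum is 0.
    return {"dscp": header[1] >> 2, "ecn": header[1] & 0x03,
            "checksum_ok": ipv4_checksum(header[:ihl]) == 0}

def compare_hops(before: bytes, after: bytes) -> str:
    """Classify what a hop did to the DSCP value between two capture points."""
    a, b = parse_tos(before), parse_tos(after)
    if not (a["checksum_ok"] and b["checksum_ok"]):
        return "corrupt"
    if a["dscp"] == b["dscp"]:
        return "preserved"
    return "zeroed" if b["dscp"] == 0 else "remarked"

if __name__ == "__main__":
    sent = build_header(dscp=46)
    for label, seen in [("hop A", build_header(46, ttl=63)),
                        ("hop B", build_header(0, ttl=63)),
                        ("hop C", build_header(10, ttl=63))]:
        print(label, compare_hops(sent, seen), parse_tos(seen))
```

A hop that changes the ToS byte must also recompute the header checksum, so a "corrupt" result points at a capture or offload artifact rather than a deliberate rewrite.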