Exploring Citrix/NetScaler configs
This project aims to explore the process of breaking down, analyzing and abstracting applications from a Citrix NetScaler config/archive (.conf/.tgz).
Future goals include conversion outputs for different supported F5 solutions, including BIG-IP TMOS, NGINX and F5 Distributed Cloud (XC).
It is recommended to install the ns.conf vscode extension by Tim Denholm (timdenholm.netscaler). This extension provides nice syntax highlighting for the ns config. https://marketplace.visualstudio.com/items?itemName=timdenholm.netscaler#overview. Great work Tim!
Greetings, I need help to grow this tool. It is at a point where I need feedback from the field about the application abstraction process and diagnostic rules. Please use the tool and provide any feedback/issues via GitHub. ANY and ALL feedback is respected and appreciated. Thank you.
If you're looking to contribute a little more, here are some ways;
This phase is about unpacking an archive and/or parsing the ns.conf file.
Parsing includes the process of organizing and converting the important config lines into a structure that is a bit more predictable and searchable. This process basically breaks down the config file into a JSON structure that allows subsequent processes to reliably search for and access key data when needed. (see breakdown process)
This phase of the roadmap is focused on crawling the parsed config and abstracting applications. In these early phases of the project, we have tested with v10 through v13.1. There is currently no deviation from this process based on these versions. This will probably change as the project progresses.
This phase is focused on analyzing the individual applications produced by the abstraction process.
The foundation is to use vscode diagnostics and a supporting ruleset to provide feedback about different ns config pieces/options/parameters.
This information may get fed back into the abstraction process to help identify key application features for conversion outputs.
This phase is focused on utilizing the information gathered from the diagnostics and abstraction process to provide the beginning of deploying a similar application on F5 technology (XC/TMOS/NGINX).
This phase will begin once we have more confidence that phases two and three are providing solid output to base the conversions on. This is the major request for feedback: to help fine tune the abstraction and analytics.
The goal here is to provide details about the application's current features on NS/ADC and some output to begin deploying that application in the different F5 technologies. A single click, production grade application conversion is the goal, but realistically, an understanding of the features and a path/assistance getting there is probably more of where things will land.
These outputs will probably include basic AS3 for TMOS/NEXT, JSON body for deployment on F5 Distributed Cloud, and possibly configuration snippets for NGINX (or declarative JSON).
Please check out the github issues for details on bugs and enhancements. Don't hesitate to open an issue to request a feature, ask a question, or provide feedback.
There is currently a report to output all the details from the tool. This includes all the details about the unpacking/parsing/app-abstraction process and details about the diagnostics.
There are additional stats to understand numbers of applications, breakdown of the different types of applications and supporting configuration objects. High level diagnostic stats, along with per-app diagnostics are also included.
The goal for this report is to provide a full output to easily search, reference and add notes to when working through the process.
if file is .conf, skip to next step...
example
```json
{
    "add": {
        "lb": {
            "monitor": {
                "app1-http-monitor": "some monitor configuration details"
            },
            "vserver": {
                "app1-80-vsrv": "details/notes/options/references",
                "app1-443-vsrv": "details/notes/options/references"
            }
        },
        "ssl": {
            "certKey": {
                "cert1": "asdf",
                "key1": "asdf"
            }
        },
        "server": {}
    },
    "bind": {
        "lb": {
            "vserver": {
                "app1-443-vsrv": "bind details"
            }
        }
    },
    "set": {
        "ssl": {
            "cert1": "details"
        }
    }
}
```
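A sketch of the breakdown step that produces a tree of this shape, added here as an example and not taken from the project's code. The `OBJECT_PATHS` list, the `parseNsConf` name and the sample lines are assumptions made for illustration.

```typescript
// Added example: ns.conf lines -> verb/type/name tree (shape of the JSON above).
// OBJECT_PATHS is a partial, hypothetical list; SAMPLE is constructed input.
type Tree = { [key: string]: Tree | string };
const OBJECT_PATHS = ["lb vserver", "cs vserver", "lb monitor", "ssl certKey",
  "ssl vserver", "serviceGroup", "service", "server"];
const VERBS = ["add", "set", "bind"];
const SAMPLE = `# constructed sample
add lb monitor app1-http-monitor HTTP -respCode 200
add lb vserver app1-80-vsrv HTTP 192.0.2.10 80
add lb vserver "app1 443 vsrv" SSL 192.0.2.10 443
add server __proto__ 192.0.2.20
bind lb vserver app1-80-vsrv app1-svc
enable ns feature LB`;

// Names come from the file, so every node is a null-prototype object: a name
// like "__proto__" is stored as data instead of hitting Object.prototype.
const node = (): Tree => Object.create(null) as Tree;

function parseNsConf(text: string): { tree: Tree; skipped: string[] } {
  const tree = node();
  const skipped: string[] = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue; // blank line or comment
    const sp = line.indexOf(" ");
    const verb = sp < 0 ? line : line.slice(0, sp);
    const rest = sp < 0 ? "" : line.slice(sp + 1).trim();
    const path = OBJECT_PATHS.find((p) => rest.startsWith(p + " "));
    // The object name is either "quoted with spaces" or one bare token.
    const m = path ? /^(?:"([^"]+)"|(\S+))\s*(.*)$/.exec(rest.slice(path.length).trim()) : null;
    if (!VERBS.includes(verb) || !path || !m) {
      skipped.push(line); // unrecognised lines are kept for review, not dropped
      continue;
    }
    let cur = tree;
    for (const key of [verb, ...path.split(" ")]) {
      const next = cur[key];
      cur = typeof next === "object" ? next : (cur[key] = node());
    }
    cur[m[1] ?? m[2] ?? ""] = m[3] ?? "";
  }
  return { tree, skipped };
}
```

With one string per name, as in the JSON above, a second `bind` line for the same object replaces the first; a tree meant to keep every binding needs a list at the leaf.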
This second phase will loop through each 'add cs vserver' and 'add lb vserver' to walk the config tree and abstract each application's config.
Add walking details...
```mermaid
flowchart TD
    A[Incoming request]-->C{CS or LB?}
    C -->acv[add cs vserver]
    acv -->bcsvs[bind cs vserver]
    bcsvs-->|"-policyName"|acsp[add cs policy]
    acsp-->|"-action"|acsa[add cs action]
    acsa-->albvs
    bcsvs-->|"-lbvserver"|albvs
    acsp-->aafp[add appflow policy]
    aafp-->aafa[add appflow action]
    aafa-->aafc[add appflow collector]
    C -->albvs[add lb vserver]
    albvs-->ssvserver[set ssl vserver]
    albvs-->blbvs[bind lb vserver]
    blbvs-->aservice[add service]
    aservice-->aserver[add server]
    blbvs-->asg[add serviceGroup]
    asg-->bsg[bind serviceGroup]
    bsg-->aserver
    bsg-->albm[add lb monitor]
    albm-->blbm[bind lb monitor]
    aservice-->albm
```
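The LB branch of this walk, as an added example that is not the project's own code: starting from one `add lb vserver`, it collects the bound services, service groups, servers and monitors, and records references that resolve to nothing. It assumes unquoted names, services that reference a named server, and monitors bound with `-monitorName`; `abstractLbApp` and the sample lines are made up for illustration.

```typescript
// Added example: follow the LB branch of the flowchart for one vserver.
// CONF is constructed sample input; names and addresses are made up.
const CONF = `
add server app1-srv1 192.0.2.21
add server app1-srv2 192.0.2.22
add lb monitor app1-http-monitor HTTP
add service app1-svc app1-srv1 HTTP 80
add serviceGroup app1-sg HTTP
add lb vserver app1-80-vsrv HTTP 192.0.2.10 80
add lb vserver other-vsrv HTTP 192.0.2.11 80
bind lb vserver app1-80-vsrv app1-svc
bind lb vserver app1-80-vsrv app1-sg
bind lb vserver app1-80-vsrv ghost-svc
bind serviceGroup app1-sg app1-srv2 80
bind serviceGroup app1-sg -monitorName app1-http-monitor
bind service app1-svc -monitorName app1-http-monitor
`;
interface App { lines: string[]; dangling: string[] }

function abstractLbApp(conf: string, vserver: string): App {
  const rows = conf.split("\n").map((l) => l.trim()).filter((l) => l !== "" && !l.startsWith("#"));
  const app: App = { lines: [], dangling: [] };
  // Collect every line that starts with "<cmd> <name>", once; return the matches.
  const take = (cmd: string, name: string): string[] => {
    const hits = rows.filter((r) => (r + " ").startsWith(`${cmd} ${name} `));
    for (const h of hits) if (!app.lines.includes(h)) app.lines.push(h);
    return hits;
  };
  const arg = (line: string, i: number): string => line.split(/\s+/)[i] ?? "";
  // The value following "-flag" on a line, or "" when the flag is absent.
  const opt = (line: string, flag: string): string => arg(line, line.split(/\s+/).indexOf(flag) + 1 || -1);

  if (take("add lb vserver", vserver).length === 0) app.dangling.push(vserver);
  for (const bind of take("bind lb vserver", vserver)) {
    const target = arg(bind, 4);
    if (target.startsWith("-")) continue; // policy bindings are not followed here
    const kind = ["service", "serviceGroup"].find((k) => take(`add ${k}`, target).length > 0);
    if (!kind) { app.dangling.push(target); continue; } // bound but never defined
    // "add service <name> <server> ..." names its server directly.
    const members = kind === "service" ? take("add service", target).map((l) => arg(l, 3)) : [];
    for (const b of take(`bind ${kind}`, target)) {
      const mon = opt(b, "-monitorName");
      if (mon) { if (take("add lb monitor", mon).length === 0) app.dangling.push(mon); }
      else if (kind === "serviceGroup" && !arg(b, 3).startsWith("-")) members.push(arg(b, 3));
    }
    for (const s of members) if (take("add server", s).length === 0) app.dangling.push(s);
  }
  return app;
}
```

The `dangling` list is the part worth reviewing before a migration: every entry is a name the config binds but never defines.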
add cs vserver
Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094
NS ServiceType | F5 Profiles | Additional Optional F5 profiles |
---|---|---|
HTTP | TCP/HTTP | - |
SSL | TCP/HTTP/clientssl | serverssl |
TCP | TCP | - |
FTP | TCP | - |
RTSP | TCP/RTSP | - |
SSL_TCP | TCP/clientssl | serverssl |
UDP | UDP | - |
DNS | UDP | dns |
SIP_UDP | UDP | SIP |
SIP_TCP | TCP | SIP |
SIP_SSL | TCP/clientssl | SIP |
ANY | TCP | - |
RADIUS | UDP | RADIUS |
RDP | TCP | - |
MYSQL | TCP | - |
MSSQL | TCP | - |
DIAMETER | TCP | Diameter |
SSL_DIAMETER | TCP/clientssl | Diameter |
DNS_TCP | TCP | DNS |
ORACLE | TCP | - |
SMPP | TCP | - |
PROXY | ? | - |
MONGO | ? | - |
MONGO_TLS | TCP/clientssl | - |
MQTT | - | - |
MQTT_TLS | TCP/clientssl | - |
HTTP_QUIC | - | - |
https://developer-docs.netscaler.com/en-us/adc-command-reference-int/13/lb/lb-vserver#add-lb-vserver
add lb vserver
NS ServiceType | F5 Profiles | Additional Optional F5 profiles |
---|---|---|
HTTP | TCP/HTTP | - |
FTP | TCP | - |
TCP | TCP | - |
UDP | UDP | - |
SSL | TCP/clientssl | serverssl/HTTP? |
SSL_BRIDGE | TCP/clientssl | FastL4?/serverssl |
SSL_TCP | TCP/clientssl | serverssl |
DTLS | UDP/clientssl? | - |
NNTP | TCP | - |
DNS | UDP | - |
DHCPRA | TCP | dhcpv4 |
ANY | TCP | - |
SIP_UDP | - | - |
SIP_TCP | - | - |
SIP_SSL | - | - |
DNS_TCP | - | - |
RTSP | - | - |
PUSH | - | - |
SSL_PUSH | - | - |
RADIUS | - | - |
RDP | - | - |
MYSQL | - | - |
MSSQL | - | - |
DIAMETER | - | - |
SSL_DIAMETER | - | - |
TFTP | - | - |
ORACLE | - | - |
SMPP | - | - |
SYSLOGTCP | - | - |
SYSLOGUDP | - | - |
FIX | - | - |
SSL_FIX | - | - |
PROXY | - | - |
USER_TCP | - | - |
USER_SSL_TCP | - | - |
QUIC | - | - |
IPFIX | - | - |
LOGSTREAM | - | - |
MONGO | - | - |
MONGO_TLS | - | - |
MQTT | - | - |
MQTT_TLS | - | - |
QUIC_BRIDGE | - | - |
HTTP_QUIC | - | - |
https://docs.nginx.com/nginx/deployment-guides/migrate-hardware-adc/citrix-adc-configuration/
https://community.f5.com/t5/codeshare/citrix-netscaler-to-f5-big-ip/ta-p/277635
https://github.com/cstalhood/Get-ADCVServerConfig
https://www.carlstalhood.com/netscaler-scripting/
https://support.citrix.com/article/CTX241500/citrix-adc-firmware-release-cycle
Citrix has announced the following updates to the Citrix ADC firmware release cycle.
For now, focus will be on v12.1+ since it was the most recent to fall off maintenance.
https://www.citrix.com/support/product-lifecycle/product-matrix.html
Product | Version | Language | NSC* | EOS* | EOM* | EOL* |
---|---|---|---|---|---|---|
NetScaler Firmware | 13.1 (GA: 15-Sep-21) | EN | N/A | N/A | 15-Sep-25 | 15-Sep-26 |
NetScaler Firmware | 13.0 (GA: 15-May-19) | EN | N/A | N/A | 15-Jul-23 | 15-Jul-24 |
NetScaler Firmware | 12.1 (GA: 25-May-18) | EN | N/A | N/A | 30-May-22 | 30-May-23 |
https://support.citrix.com/article/CTX222891/how-to-obtain-nsconf-file-from-netscaler
Below are some questions and items to consider when looking to migrate.
https://support.citrix.com/article/CTX476864/notice-of-change-announcement-for-perpetual-citrix-adc-eos
https://www.citrix.com/support/product-lifecycle/product-matrix.html
https://www.techtarget.com/searchenterprisedesktop/news/252529104/Thousands-of-Citrix-Tibco-employees-laid-off-following-merger
https://www.reuters.com/business/finance/banks-brave-junk-debt-jitters-with-38-bln-citrix-bond-sale-2023-04-03/
https://www.theregister.com/2023/03/03/citrix_universal_license/
https://www.crn.com/news/cloud/-brutal-citrix-tibco-layoffs-hit-thousands-of-employees-sources
As I started this journey, and knowing very little about NetScaler, I decided to ask ChatGPT and see just how much help it would be.
So, while none of the configs it produced were a straight copy/paste into the respective technologies, it did get most of the way. Enough to provide a ton of value and help me quickly understand what I was working with.
Here is a document outlining the conversation:
https://github.com/f5devcentral/vscode-f5-flipper/blob/main/chatGPT.md