Citrix ADC

Citrix ADC (Application Delivery Controller) is a comprehensive application delivery and load-balancing solution designed to optimize application performance, availability, and security. Formerly known as NetScaler ADC, Citrix ADC provides a range of features and functionalities to ensure that applications are delivered efficiently to end-users. Citrix ADC can function as a gateway, providing secure access to applications and data for remote users. This functionality, often called the Citrix Gateway, includes features such as Virtual Private Network (VPN) capabilities, authentication, and access control.

Traceable allows you to mirror the traffic from Citrix ADC by creating an IP tunnel to the Virtual machine where the Traceable Platform agent is installed. The following figure shows a high-level deployment.

Before you begin

Make a note of the following points before proceeding with the integration:

• Choose the type of VM from Ubuntu or RHEL where you want to install the Traceable Platform agent.

• Launch an Ubuntu or RHEL VM. The Traceable Platform agent would be installed on this VM, and the IP address of the VM would be the IP address of the Traceable Platform agent.

• Make sure that you have already installed and configured Citrix ADC (formerly Netscaler).

• Note the IP address of Citrix ADC’s interface that will send the mirror data.

• Note the IP address of the Traceable Platform agent. This will receive the mirrored traffic.

• Save the Traceable agent token. Go to Traceable's platform and navigate to Settings () → Account → Access Tokens → Agent Token. Copy and save the token. You will need it in the Traceable agent installation process.

• For more information on traffic mirroring from Citrix ADC, see the Citrix documentation.

Configuration

The configuration to mirror the traffic consists of the following three steps:

1. Creating an IP tunnel on the VM where the Traceable Platform agent will be installed.

2. Install Traceable agent

3. Steps in Citrix ADC.

Step 1 - Create an IP tunnel and install the Platform agent

You first need to create an IP tunnel to the VM from Citrix ADC, as shown in the deployment diagram above. Complete the steps for the type of VM you have chosen.

Ubuntu VM

Create a file /etc/netplan/51-iptunnel.yaml and add the following to it:

network:
    tunnels:
      ipip0:
        mode: ipip
        local: <Local IP>
        remote: <Remote IP>
        mtu: 1500
    version: 2

• IPIP - IP in IP is a tunneling protocol that encapsulates IP packets within IP packets. It is a simple and straightforward method for creating virtual private networks (VPNs) or tunneling traffic over an existing IP network. The basic idea is to encapsulate the original IP packet within a new IP packet, allowing it to traverse another IP network.

• Remote IP - Remote IP address is the IP address of the Citrix ADC interface.

• Local IP - The local IP address is the IP address of the Traceable Platform agent.

Run the following command after creating the above file:

sudo netplan apply

RHEL VM

On RHEL VM, run the following command:

nmcli connection add type ip-tunnel ip-tunnel.mode ipip con-name ipip0 ifname ipip0 remote <remote_ip> local <local_ip>

Following is an explanation of the above command:

• nmcli connection add: This part of the command instructs NetworkManager to add a new connection.

• type ip-tunnel: Specifies the type of connection as an IP tunnel.

• ip-tunnel.mode ipip: Sets the tunneling mode to IPIP (IP in IP).

• con-name ipip0: Assign a name to the new connection. In this case, it's named “ipip0.”

• ifname ipip0: Specifies the interface name for the new connection as “ipip0.”

• remote <remote_ip>: Sets the remote IP address for the tunnel. Replace <remote_ip> with the Citrix ADC IP address.

• local <local_ip>: Sets the local IP address for the tunnel. Replace <local_ip> with the Traceable Platform agent IP address.

The command creates a new NetworkManager connection representing an IPIP tunnel. It configures the tunnel with a specific remote IP address, local IP address, and other parameters and assigns the connection the name “ipip0” with the interface name “ipip0.”

Step 2 - Install Traceable Platform agent

Use Traceable’s installation script to install the Traceable Platform agent and Suricata. The mirror command of the installation script installs both the Platform agent and Suricata.

To download the script, go to Traceable's download site. Navigate to install → traffic-mirroring → linux → latest. Click on the install.sh script to download it, or enter the following command in your terminal:

curl -O https://downloads.traceable.ai/install/traffic-mirroring/linux/latest/install.sh

Provide the execute permission to the script. Enter the following command:

chmod +x install.sh

Install Traceable Platform agent

Enter the following command on your preferred VM to install the agent:

/install.sh mirror -e myEnv -s mySvc -i ipip0 --netscaler-remote-inspection --token <Traceable_Platform_Token>

Use the IP tunnel created in step 1, ipip0 in this case.

Enter the following command to verify the Traceable agent and Suricata service:

sudo systemctl status suricata
sudo systemctl status traceable

Step 3 - Steps in Citrix ADC

Complete the following steps in Citrix ADC:

1. Enable content inspection. Enter the following command:

   enable ns feature contentInspection LoadBalancing 

2. Create an IP-IP tunnel. Enter the following command. TraceableInstanceIP is the IP address of the Traceable Platform agent.

   add ipTunnel iptunnel-tpa <TraceableInstanceIP> 255.255.255.255 *

3. Add content inspection profile of type MIRROR. Enter the following command:

   add contentInspection profile Traceable_IDS_profile1 -type MIRROR -ipTunnel iptunnel-tpa 

4. Add IDS service. Enter the following command:

   add service Traceable_IDS_service <TraceableInstanceIP> ANY 8080 -contentInspectionProfileName Traceable_IDS_profile1 -healthMonitor OFF 

   TraceableInstanceIP is the IP address of the Traceable Platform agent

5. Add content inspection action of type MIRROR for IDS service. Enter the following command:

   add ContentInspection action Traceable_IDS_action -type MIRROR -serverName Traceable_IDS_service

6. Add content inspection policy for IDS inspection. Enter the following command:

   add contentInspection policy Traceable_IDS_pol1 -rule true -action Traceable_IDS_action

7. Bind content inspection policy to content switching or load balancing virtual service of type HTTP/SSL. You should have an existing content switching or load balancing virtual service of type HTTP/SSL. Keep the name handy.

8. Bind Content Inspection policy to a content-switching virtual server or load-balancing virtual server of type HTTP/SSL. Enter the following command:

   bind lb vserver <HTTP_vserver> -policyName Traceable_IDS_pol1 -priority 100 -type REQUEST

   Substitute <HTTP_vserver> with the virtual server name from step 7.

To verify a successful integration, send traffic through Citrix ADC and then check it in Traceable Platform.