How To: Load Balancing TFTP w/NetScaler 10.1

Since the dawn of man (ok maybe not that long) we have fought to load balance TFTP across Citrix Provisioning Servers. In the past you had to use Direct Server Return (DSR), local loopback adapters on PVS, and any other of a myriad of solutions..or worse yet, no solution at all. (Read THISTHIS and THIS to relive the old ways) After reading all that you’ll see why BDM is such a popular option.  Well, folks, the future is finally here to some degree and while NetScaler 10.1 might not be everyone’s knight in shining armor it does FINALLY simplify TFTP Load Balancing. How do we know it does this amazing feat? By this obscure reference in the 10.1 release notes of course!

TFTP Support

Issue ID 0250958: The NetScaler appliance now supports communication between a client and a Trivial File Transfer Protocol (TFTP) server.

TFTP is a simple form of file transfer protocol and is based on the UDP protocol. TFTP does not provide any security features and is generally used for automated transfer of configuration and boot files between devices in a private network. TFTP support on the NetScaler appliance is compliant with RFC 1350. A server listens on port 69 for any TFTP request.

The following features are supported:

  1. Load balancing of TFTP servers—The NetScaler appliance can now load balance TFTP servers.
  2. INAT processing compliant to TFTP—When a request packet, with port 69 as the destination, received by the NetScaler appliance matches an INAT rule with TFTP option enabled, the appliance processes the request and the corresponding response as compliant with the TFTP protocol.
  3. RNAT processing compliant to TFTP—When a request packet generated by a server is destined to a TFTP server, and the packet matches an RNAT rule on the NetScaler appliance, the appliance’s processing of the request and the corresponding response from the TFTP server is compliant with the TFTP protocol.

So lets discuss why you usually need to load balance TFTP: You have Citrix Provisioning Servers and you’re using DHCP options 66/67 to provide the TFTP Server and boot file name for download to your clients. Because you built your Citrix environment the right way, you have redundancy all the way down the problem though, Windows DHCP option 66 only takes a single IP. Sure you can round robin or something but the best solution is to truly load balance with a solution that monitors the ARDBP32.bin file is actually there and TFTP is responding. Even PXE booting doesn’t give you that because theres no intelligence or monitoring behind it, only a blind server response but no logic if TFTP is up or correctly responding. Daniel Feller wrote a good blog article about some misconceptions around bootstrap delivery HERE..I encourage you to read it.

NetScaler and DHCP 66/67 can meet our requirements though, and now it can meet them fairly easily.

So lets get to the end of this “How To” you will see how to load balance and monitor a TFTP server (PVS in my case), utilizing DHCP option 66/67 and providing to our XenDesktops or other PVS streamed clients a highly available, intelligently monitored and load balanced TFTP lbvip.

NOTE* I have only tested this in a single arm deployment. Also, shout out to my colleague Jarian Gibson (@JarianGibson/ for helping find the one obscure Synergy lab guide that even talks about this functionality.

Step 1. Go to your NetScaler and login to the “NetScaler ADC” deployment type.


Step 2. Navigate to Traffic Management->Load Balancing->Servers. Click “Add”.


Step 3. Enter in your PVS Server name, IP Address, then click “Create”. Repeat for all your PVS Servers.


Step 4. Navigate to Traffic Management->Load Balancing->Monitors. Click “Add”.


Step 5. Enter in a monitor name, type “USER”, and verify Intveral and Response Time-out are set to 5 and 2 respectively. Click the “Special Parameters” tab.


Step 6. Click “Browse” and select the file. Leave all other settings alone. Click “Create” then “Close”.


Step 7. Navigate to Traffic Management->Services. Click “Add”


Step 8. Enter a service name, select your PVS server, set “Protocol” to “TFTP”. Find your TFTP monitor and add it to the right-hand pane. Click “Create” then “Close”. Repeat for each PVS server.


Step 9. Navigate to Traffic Management->Virtual Servers. Click “Add”.


Step 10. Enter in a Name, an IP for the LBVIP, select Protocol “TFTP”. In the “Services” tab select all your services you just created. Leave everything else as is, no persistence is required, the requests will stick and be load balanced by least connection.


Step 11. Go to your DHCP server (in this case, DHCP is on my PVS server) and configure option 66 with the NetScaler TFTP LBVIP. Also of course configure option 67..duh.


Step 12. Boot your target device. I won’t go into all that PVS config stuff..I’m going to assume if know what TFTP is in relation to PVS then you already know how to get to this point.


Congratulations!! You have successfully load balanced TFTP with NetScaler 10.1. WASN’T THAT EASY?!?!?!
Hope this helped, please comment and share!


15 thoughts on “How To: Load Balancing TFTP w/NetScaler 10.1

    • Hi Yann,

      No, I believe you’re thinking of load balancing TFTP with USIP which would require that. With the new 10.1 you don’t need to change anything on the PVS servers, thats the beauty of it.


  1. I recommend checking out Issue ID 0395735. After we set this up on our HA pair running 10.1 121.10 nc Our boxes crashed over and over until they corrupted the config and we had to restore from a backup. The issue is supposedly fixed in the version we have but I promise you it is not… I will be opening a case with Citrix today.

  2. @Sam, do you still have the issues? I am planning on doing this but are a little bit worried when I se that you still have the issue on 121.10, we are on 123.9.

    • I have not moved forward since the issues we had. We did not have any of the crash dumps for support to analyze since we restored our VPX’s from a Veeam backup. Support wanted us to setup again and grab the dumps, but I yet to complete that task. Not sure I want to either. If you setup and you have an HA pair, monitor the primary node very carefully after you make the change. It did not take long before our nodes started crashing. It took a while to figure out what was going on, because HA works so well. We did not even know we had an issue until the nodes starting crashing closer together.

  3. Pingback: Load Balancing TFTP with Netscaler 10.5 | KnowCitrix

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s