Citrix ADC Appliances in Active-Active Mode Using VRRP
An active-active deployment, in addition to preventing downtime, makes efficient use of all the Citrix ADC appliances in the deployment. In active-active deployment mode, the same VIPs are configured on all Citrix ADC appliances in the configuration, but with different priorities, so that a given VIP can be active on only one appliance at a time.
The active VIP is called the master VIP, and the corresponding VIPs on the other Citrix ADC appliances are called the backup VIPs. If a master VIP fails, the backup VIP with the highest priority takes over and becomes the master VIP. All the Citrix ADC appliances in an active-active deployment use the Virtual Router Redundancy Protocol (VRRP) protocol to advertise their VIPs and the corresponding priorities at regular intervals.
Citrix ADC appliances in active-active mode can be configured so that no Citrix ADC is idle. In this configuration, different sets of VIPs are active on each Citrix ADC. For example, in the following diagram, VIP1, VIP2, VIP3, and VIP4 are configured on appliances NS1, NS2, and NS3. Because of their priorities, VIP1 and VIP 2 are active on NS1, VIP3 is active on NS2 and VIP 4 is active on NS3. If, for example, NS1 fails, VIP1 on NS3 and VIP2 on NS2 become active.
Figure 1. An Active-Active Configuration
The Citrix ADC appliances in the above diagram process traffic as follows:
- Client C1 sends a request to VIP1. The request reaches R1.
- R1 does not have an ARP entry for VIP1, so it broadcasts an ARP request for VIP1.
- VIP1 is active in NS1, so NS1 replies with a source MAC address as the Virtual MAC (for example VMAC1) associated with VIP1, and VIP1 as the source IP address.
- SW1 learns the port for VIP1 from the ARP reply and updates its bridge table.
- R1 updates the ARP entry with VMAC1 and VIP1.
- R1 forwards the packet to the VIP1 on NS1.
- NS1’s load balancing algorithm selects server S2, and NS1 opens a connection between one of its SNIP or MIP addresses and S2.
- S2 replies to the SNIP or MIP on the Citrix ADC.
- NS1 sends S2’s reply to the client. In the reply, NS1 inserts MAC address of the physical interface as the source MAC address and VIP1 as the source IP address.
- Should NS1 fail, the Citrix ADC appliances use the VRRP protocol to select the VIP1 with the highest priority. In this case, VIP1 on NS3 becomes active, and the following two steps update the active-active configuration.
- NS3 broadcasts a GARP message for VIP1. In the message, VMAC1 is the source MAC address and VIP1 is the source IP address.
- SW1 learns the new port for VMAC1 from the GARP broadcast and updates its bridge table to send subsequent client requests for VIP1 to NS3. R1 updates its ARP table.
The priority of a VIP can be modified by health tracking. If you enable health tracking, you should make sure that preemption is also enabled, so that a VIP whose priority is lowered can be preempted by another VIP.
In some situations, traffic might reach a backup VIP. To avoid dropping such traffic, you can enable sharing, on a per-node basis, as you create an active-active configuration. Or you can enable the global send to master option. On a node on which sharing is enabled, it takes precedence over send to master.
Base priority (BP-range 1-255) ordinarily determines which VIP is the master VIP, but effective priority (EP) can also affect the determination.
For example, if a VIP on NS1 has a priority of 101 and same VIP on NS2 has a priority of 99, the VIP on NS1 is active. However, if two vservers are using the VIP on NS1 and one of them goes DOWN, health tracking can reduce the EP of VIP on NS1. VRRP then makes the VIP on NS2 the active VIP.
Following are the health tracking options for modifying EP:
- NONE. No tracking. EP = BP
- ALL. If all virtual servers are UP, then EP = BP. Otherwise, EP = 0.
- ONE. If at least one virtual server is UP, then EP = BP. Otherwise, EP = 0.
- PROGRESSIVE. If ALL virtual servers are UP, then EP = BP. If ALL virtual servers are DOWN then EP = 0. Otherwise EP = BP (1 - K/N), where N is the total number of virtual servers associated with the VIP and k is the number of virtual servers that are down.
Note: If you specify a value other than NONE, preemption should be enabled, so that the backup VIP with the highest priority becomes active if the priority of the master VIP is downgraded.
Preemption of an active VIP by another VIP that attains a higher priority is enabled by default, and normally should be enabled. In some cases, however, you may want to disable it. Preemption is a per-node setting for each VIP.
Preemption can occur in the following situations:
- An active VIP goes down and a VIP with a lower priority takes its place. If the VIP with the higher priority comes back online, it preempts the currently active VIP.
- Health tracking causes the priority of a backup VIP to become higher than that of the active VIP. The backup VIP then preempts the active VIP.
In the event that traffic reaches a backup VIP, the traffic is dropped unless the sharing option is enabled on the backup VIP. This behavior is a per node setting for each VIP and is disabled by default.
In the figure An Active-Active Configuration VIP1 on NS1 is active and VIP1 VIPs on NS2 and NS3 are backups. Under certain circumstances, traffic may reach VIP1 on NS2. If Sharing is enabled on NS2, this traffic is processed instead of dropped.