ADC

Virtual MAC Based Traffic Domains

You can associate a traffic domain with a Virtual MAC address instead of with VLANs. The Citrix ADC then sends the traffic domain’s Virtual MAC address in all responses to ARP queries for network entities in that domain. As a result, the ADC can segregate subsequent incoming traffic for different traffic domains on the basis of the destination MAC address, because the destination MAC address is the Virtual MAC address of a traffic domain. After creating entities on a traffic domain, you can easily manage and monitor them by performing traffic domain level operations.

Consider an example in which two traffic domains, with IDs 1 and 2, are configured on Citrix ADC appliance NS1. The Citrix ADC creates a Virtual MAC address VMAC1 and associates it with traffic domain 1. Similarly, the Citrix ADC created another Virtual MAC address Virtual MAC2 and associates with traffic domain 2.

In traffic domain 1, load balancing virtual server LBVS-TD1 is configured to load balance traffic across servers S1 and S2. On the Citrix ADC appliance, servers S1 and S2 are represented by services SVC1-TD1 and SVC2-TD1, respectively. A subnet IP address (SNIP) SNIP1 is configured for enabling the Citrix ADC to communicate with S1 and S2. Because VMAC1 is associated with traffic domain 1, the appliance sends VMAC1 as the MAC address in all ARP announcements and ARP responses for LBVS-TD1 and SNIP1.

Similarly in traffic domain 2, load balancing virtual server LBVS-TD2 is configured to load balance traffic across S3 and S4. On the Citrix ADC appliance, servers S3 and S4 are represented by services SVC3-TD2 and SVC4-TD2, respectively. A SNIP address SNIP2 is configured for enabling the Citrix ADC to communicate with S3 and S4. Because VMAC2 is associated with traffic domain 2, the appliance sends VMAC2 as the MAC address in all ARP announcements and ARP responses for LBVS-TD2 and SNIP2.

The Citrix ADC segregate subsequent incoming traffic for traffic domains 1 or 2 on the basis of the destination MAC address, if the destination MAC address is VMAC1 or VMAC2. traffic domain Virtual MAC

The following table lists the settings used in the example: VMAC based traffic domain example settings.

Before you Begin

Following are points to consider before you configure Virtual MAC based traffic domain:

  1. Virtual MAC based traffic domains are easiest way to achieve network traffic segregation.
  2. Because Virtual MAC based traffic domains segregate network traffic based on Virtual MAC addresses and not VLANS, you cannot create duplicate IP addresses on different Virtual MAC based traffic domains on a Citrix ADC.
  3. Virtual MAC based traffic domains do not work when the Citrix ADC is deployed only in L2 Mode.
  4. Both VLAN and Virtual MAC based traffic domains can coexist on a Citrix ADC. Virtual MAC based traffic domains actually runs on all VLANs that are not bound to any VLAN based traffic domain.

Configuration Steps

Configuring a Virtual MAC based traffic domain on a Citrix ADC appliance consists of the following tasks:

  • Create a traffic domain entity and enable the Virtual MAC option. Create a traffic domain entity uniquely identified by an ID, which is an integer value, and then enable the Virtual MAC option. After creating the traffic domain entity, the Citrix ADC creates a virtual MAC address and then associates it to the traffic domain entity.
  • Create feature entities on the traffic domain. Create the required feature entities in the traffic domain by specifying the traffic domain identifier (td) when configuring these feature entities. Citrix ADC owned network entities created in a Virtual MAC based traffic domain are associated with the Virtual MAC address, which is associated with the traffic domain. The Citrix ADC then sends the traffic domain’s Virtual MAC address in ARP announcements and ARP responses for these network entities.

CLI procedures

To create a Virtual MAC based traffic domain by using the CLI:

At the command prompt, type:

  • add ns trafficDomain <td> [-vmac ( ENABLED DISABLED )]
  • show ns trafficdomain <td>

To configure a SNIP address by using the CLI:

At the command prompt, type:

  • add ns ip <IPAddress> <netmask> -type SNIP –td <id>
  • show ns ip <IPAddress> -td <id>

To create a service by using the CLI:

At the command prompt, type:

  • add service <name> <IP> <serviceType> <port> -td <id>
  • show service <name> -td <id>

To create a load balancing virtual server and bind services to it by using the CLI:

At the command prompt, type:

  • add lb vserver <name> <serviceType> <IPAddress> <port> -td <id>
  • bind lb vserver <name> <serviceName>
  • show lb vserver <name> -td <id>

Example:

> add ns trafficDomain 1 -vmac ENABLED
 Done
> add ns trafficDomain 2 -vmac ENABLED
 Done

> add ns ip 192.0.2.5 255.255.255.0 -type -SNIP -td 1
 Done
> add service  SVC-S1-TD1  192.0.2.10 HTTP 80 -td 1
 Done
> add service  SVC-S2-TD1  192.0.2.20 HTTP 80 -td 1
 Done
> add lb vserver  LBVS-TD1 HTTP   203.0.113.15 80 -td 1
 Done
> bind lb vserver  LBVS-TD1 SVC-S1-TD1
 Done
> bind lb vserver  LBVS-TD1 SVC-S2-TD1
 Done

> add ns ip 192.0.2.6 255.255.255.0 -type -SNIP -td 2
 Done
> add service  SVC-S3-TD2  192.0.2.30 HTTP 80 -td 2
 Done
> add service  SVC-S4-TD2  192.0.2.40 HTTP 80 -td 2
 Done
> add lb vserver  LBVS-TD1 HTTP   203.0.113.16 80 -td 1
 Done
> bind lb vserver  LBVS-TD2 SVC-S3-TD2
 Done
> bind lb vserver  LBVS-TD2 SVC-S3-TD2
 Done
<!--NeedCopy-->

GUI procedures

To create a Virtual MAC based traffic domain by using the GUI:

  1. Navigate to System > Network > Interfaces.
  2. In the details pane, click Add.
  3. On the Create Traffic Domain page, set the following parameters:
    • Traffic Domain ID*
    • Enable Mac
  4. Click Create.

To configure a SNIP address by using the GUI:

  1. Navigate to System > Network > IPs > IPv4
  2. Navigate to Network > IPs > IPv4
  3. In the details pane, click Add
  4. In the Create IP page, set the following parameters. For a description of a parameter, hover the mouse cursor over the corresponding field.
    • IP Address
    • Netmask
    • IP Type
    • Traffic Domain ID
  5. Click Create.

To create a service by using the GUI:

  1. Navigate to Traffic Management > Load Balancing > Services.
  2. In the details pane, click Add.
  3. In the Basic Settings Page, set the following parameters. For a description of a parameter, hover the mouse cursor over the corresponding field.
    • Service Name
    • Server
    • Protocol
    • Port
    • Traffic Domain ID
  4. Click Continue, and click Done.
  5. Repeat steps 2-4 to create another service.
  6. Click Close.

To create a load balancing virtual server and bind services to it by using the GUI:

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. In the Load Balancing Virtual Servers pane, click Add.
  3. In the Create Virtual Servers (Load Balancing) dialog box, set the following parameters. For a description of a parameter, hover the mouse cursor over the corresponding field.
    • Name
    • IP Address
    • Protocol
    • Port
    • Traffic Domain ID
  4. Click Continue, on the Service Pane, click >.
  5. On the Service page, click Insert, and then select the check box for the services that you want to bind to the virtual server.
  6. Click Continue, and click Done.
  7. Repeat steps 2-5 to create another virtual server
Virtual MAC Based Traffic Domains