ADC

Configuring Virtual MAC Addresses

A virtual MAC address is a floating entity shared by the primary and the secondary nodes in an HA setup.

In an HA setup, the primary node owns all of the floating IP addresses, such as the MIPs, SNIPs, and VIPs. The primary node responds to Address Resolution Protocol (ARP) requests for these IP addresses with its own MAC address. As a result, the ARP table of an external device (for example, an upstream router) is updated with the floating IP address and the primary node’s MAC address.

When a failover occurs, the secondary node takes over as the new primary node. It then uses Gratuitous ARP (GARP) to advertise the floating IP addresses that it acquired from the primary. However, the MAC address that the new primary advertises is the MAC address of its own interface.

Some devices (notably a few routers) do not accept the GARP messages generated by the Citrix ADC appliance. As a result, some external devices retain the old IP to MAC mapping advertised by the old primary node. This can result in a site going down.

You can overcome this problem by configuring a virtual MAC on both nodes of an HA pair. Both nodes then possess identical MAC addresses. Therefore, when failover occurs, the MAC address of the secondary node remains unchanged, and the ARP tables on the external devices do not need to be updated.

To create a virtual MAC, you need to first create a Virtual Router ID (VRID) and bind it to an interface. (In an HA setup, you need to bind the VRID to the interfaces on both nodes.) Once the VRID is bound to an interface, the system generates a virtual MAC with the VRID as the last octet.

This section includes the following details:

Configuring IPv4 virtual MACs

When you create a IPv4 virtual MAC address and bind it to a interface, any IPv4 packet sent from the interface uses the virtual MAC address that is bound to the interface. If there is no IPv4 virtual MAC bound to an interface, the interface’s physical MAC address is used.

The generic virtual MAC is of the form 00:00:5e:00:01:<VRID>. For example, if you create a VRID with a value of 60 and bind it to an interface, the resulting virtual MAC is 00:00:5e:00:01:3c, where 3c is the hex representation of the VRID. You can create 255 VRIDs with values from 1 to 255.

Creating or modifying an IPv4 virtual MAC

You create an IPv4 virtual MAC by assigning it a virtual router ID. You can then you bind the virtual MAC to an interface. You cannot bind multiple VRIDs to the same interface. To verify the virtual MAC configuration, you should display and examine the virtual MACs and the interfaces bound to the virtual MACs.

To add a virtual MAC by using the command line interface

At the command prompt, type:

  • add vrID
  • bind vrid <id> -ifnum <interface_name>
  • show vrID

Example

> add vrID 100
 Done
> bind vrid 100 -ifnum 1/1 1/2 1/3
 Done
<!--NeedCopy-->

To unbind interfaces from a virtual MAC by using the command line interface

At the command prompt, type:

  • unbind vrid <id> -ifnum <interface_name>
  • show vrID

To configure a virtual MAC by using the GUI

Navigate to System > Network > VMAC and, on the VMAC tab, add a new virtual MAC, or edit an existing virtual MAC.

Removing an IPv4 virtual MAC

To remove an IPv4 virtual MAC, you delete its virtual router ID.

To remove an IPv4 virtual MAC by using the command line interface

At the command prompt, type:

rm vrid <id>

Example

rm vrid 100s
<!--NeedCopy-->

To remove an IPv4 virtual MAC by using the GUI

Navigate to System > Network > VMAC and, on the VMAC tab, delete the IPv4 virtual MAC.

Configuring IPv6 virtual MAC6s

The Citrix ADC supports virtual MAC6 for IPv6 packets. You can bind any interface to a virtual MAC6, even if an IPv4 virtual MAC is bound to the interface. Any IPv6 packet sent from the interface uses the virtual MAC6 bound to that interface. If there is no virtual MAC6 bound to an interface, an IPv6 packet uses the physical MAC.

Creating or Modifying a virtual MAC6

You create an IPv6 virtual MAC by assigning it an IPv6 virtual router ID. You can then you bind the virtual MAC to an interface. You cannot bind multiple IPv6 VRIDs to an interface. To verify the virtual MAC6 configuration, you should display and examine the virtual MAC6s and the interfaces bound to the virtual MAC6s.

To add a virtual MAC6 by using the command line interface

At the command prompt, type:

  • add vrID6 <id>
  • bind vrID6 <id> -ifnum <interface_name>
  • show vrID6

Example

> add vrID6 100
Done
> bind vrID6 100 -ifnum 1/1 1/2 1/3
 Done
<!--NeedCopy-->

To unbind interfaces from a virtual MAC6 by using the command line interface

At the command prompt, type:

  • unbind vrID6 <id> -ifnum <interface_name>
  • show vrID6

To configure a virtual MAC6 by using the GUI

Navigate to System > Network > VMAC and, on the VMAC6 tab, add a new virtual MAC6, or edit an existing virtual MAC6.

Removing a virtual MAC6

To remove an IPv4 virtual MAC, you delete its virtual router ID.

To remove a virtual MAC6 by using the command line interface

At the command prompt, type:

rm vrid6 <id>

Example

rm vrid6 100s
<!--NeedCopy-->

To remove a virtual MAC6 by using the GUI

Navigate to System > Network > VMAC and, on the VMAC6 tab, delete the virtual router ID.

Configuring Virtual MAC Addresses