Product Documentation

Configuring ARP response Suppression for Virtual IP addresses (VIPs)

You can configure the Citrix ADC appliance to respond or not respond to ARP requests for a Virtual IP (VIP) address on the basis of the state of the virtual servers associated with that VIP.

For example, if virtual servers V1, of type HTTP, and V2, of type HTTPs, share VIP address 10.102.29.45 on a Citrix ADC appliance, you can configure the appliance to not respond to any ARP request for VIP 10.102.29.45 if both V1 and V2 are in the DOWN state.

The following three options are available for configuring ARP-response suppression for a virtual IP address.

  • NONE. The Citrix ADC appliance responds to any ARP request for the VIP address, irrespective of the state of the virtual servers associated with the address.
  • ONE VSERVER. The Citrix ADC appliance responds to any ARP request for the VIP address if at least one of the associated virtual servers is in UP state.
  • ALL VSERVER. The Citrix ADC appliance responds to any ARP request for the VIP address if all of the associated virtual servers are in UP state.

Following table shows the sample behavior of Citrix ADC appliance for a VIP configured with two virtual servers:

Associated virtual servers for a VIP STATE 1 STATE 2 STATE 3 STATE 4
NONE        
V1 UP UP DOWN DOWN
V2 UP DOWN UP DOWN
Respond to an ARP request for this VIP? Yes Yes Yes Yes
ONE VSERVER        
V1 UP UP DOWN DOWN
V2 UP DOWN UP DOWN
Respond to an ARP request for this VIP? Yes Yes Yes No
ALL VSERVER        
V1 UP UP DOWN DOWN
V2 UP DOWN UP DOWN
Respond to an ARP request for this VIP? Yes No No No

Consider an example where you want to test the performance of two virtual servers, V1 and V2, which have the same VIP address but are of different types and are each configured on Citrix ADC appliances NS1 and NS2. Let’s call the shared VIP address VIP1.

V1 load balances servers S1, S2, and S3. V2 load balances servers S4 and S5.

On both NS1 and NS2, for VIP1, the ARP suppression parameter is set to ALL_VSERVER. If you want to test the performance of V1 and V2 on NS1, you must manually disable V1 and V2 on NS2, so that NS2 does not respond to any ARP request for VIP1.

Figure 1.

arp supression

The execution flow is as follows:

  1. Client C1 sends a request to V1. The request reaches R1.
  2. R1 does not have an APR entry for the IP address (VIP1) of V1, so R1 broadcasts an ARP request for VIP1.
  3. NS1 replies with source MAC address MAC1 and source IP address VIP1. NS2 does not reply to the ARP request.
  4. SW1 learns the port for VIP1 from the ARP reply and updates its bridge table, and R1 updates the ARP entry with MAC1 and VIP1.
  5. R1 forwards the packet to address VIP1 on NS1.
  6. NS1’s load balancing algorithm selects server S2, and NS1 opens a connection between one of its SNIP or MIP addresses and S2. When S2 sends a response to the client, the response returns by the same path.
  7. Now you want to test the performance of V1 and V2 on NS2, so you enable V1 and V2 on NS2 and disable them on NS1. NS2 now broadcasts an ARP message for VIP1. In the message, MAC2 is the source MAC address and VIP1 is the source IP address.
  8. SW1 learns the port number for reaching MAC2 from the ARP broadcast and updates its bridge table to send subsequent client requests for VIP1 to NS2. R1 updates its ARP table.
  9. Now suppose the ARP entry for VIP1 times out in the ARP table of R1, and client C1 sends a request for V1. Because R1 does not have an APR entry for VIP1, it broadcasts an ARP request for VIP1.
  10. NS2 replies with a source MAC address and VIP1 as the source IP address. NS1 does not reply to the ARP request.

To configure ARP response suppression by using the CLI:

At the command prompt, type:

  • set ns ip -arpResponse <arpResponse>]
  • sh ns ip <IPAddress>

Example:

> set ns ip 10.102.29.96 -arpResponse ALL_VSERVERS
 Done

To configure ARP response suppression by using the GUI:

  1. Navigate to System > Network > IPs > IPV4s.
  2. Open an IP address entry and select the type of ARP Response.

Configuring ARP response Suppression for Virtual IP addresses (VIPs)

In this article