NetScaler SNIPs Bound To An Interface Without A VLAN

NetScaler SNIPs Bound To An Interface Without A VLAN

https://www.citrix.com/blogs/2014/04/09/work-your-magic-with-the-netscaler-toolkit-used-by-the-pros/

 

That’s right! Did you know that the NetScaler has another method to bind a SNIP IP address to an interface without having to create an L3 (layer three) VLAN? Well it does, so keep reading below to find out how.

Interestingly enough the feature that I’m going to discuss in this blog post was introduced in NetScaler firmware release 10.0, but perhaps many of you who have deployed the NetScaler in your environment have never actually seen this feature, and hence the reason for this particular post.

Historically there were two main methods for ensuring that traffic destined for a particular network/subnet on the NetScaler would traverse a desired interface:

1. Layer three VLAN’s – http://support.citrix.com/article/CTX136926
2. MBF (MAC-based forwarding) – http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-interfaces-configrng-mac-bsd-frwrdng-tsk.html

I won’t invest the time to explain the two referenced methods above, considering that my focus for this post is to discuss this newer and not so well known method of accomplishing a similar outcome.

Accomplish The Objective With An Arp Entry:

You can bind a specific interface to an SNIP by adding an ARP entry for each of the following SNIPs in the example below. This is to ensure that the response traffic will reach the same interface through which the request went out.

Example Configuration Details:

SNIP IP addresses: 10.10.10.2, 10.10.10.3, 10.10.10.4 and 10.10.10.5

MAC Addresses for each of the respective interfaces (You’ll need to find the MAC addresses for each of the NetScaler interfaces that you’ll want to bind a particular SNIP to). You can find the MAC address for each respective interface by logging into the NetScaler appliance and following the example below:
> show interface 0/1
1)      Interface 0/1 (NetScaler Virtual Interface, PF 0/1) #1

flags=0xe060 <ENABLED, UP, UP, HAMON, 802.1q>

MTU=1500, native vlan=1, MAC=52:2c:75:e4:61:fc, uptime 118h08m42s

LLDP Mode: NONE

RX: Pkts(5350740) Bytes(1514302712) Errs(0) Drops(2351891) Stalls(0)

TX: Pkts(3001008) Bytes(844999742) Errs(0) Drops(0) Stalls(0)

NIC: InDisc(0) OutDisc(0) Fctls(0) Stalls(0) Hangs(0) Muted(0)

Bandwidth thresholds are not set.

So for this example we are going to use the following interfaces and associated MAC addresses:

1/2 – 00:e0:ed:0f:bc:e0

1/3 – 00:e0:ed:0f:bc:df

1/4 – 00:e0:ed:0f:bc:de

1/5 – 00:e0:ed:1c:89:53

The following is a CLI (command line interface) example for how to bind the four SNIP IP addresses to the four NetScaler interfaces:

> add arp -ipAddress 10.10.10.2 -mac 00:e0:ed:0f:bc:e0 -ifnum 1/2

Done

> add arp -ipAddress 10.10.10.3 -mac 00:e0:ed:0f:bc:df -ifnum 1/3

Done

> add arp -ipAddress 10.10.10.4 -mac 00:e0:ed:0f:bc:de -ifnum 1/4

Done

> add arp -ipAddress 10.10.10.5 -mac 00:e0:ed:1c:89:53 -ifnum 1/5

Done

Summary:

So with a very simple configuration you can bind SNIP IP addresses to interfaces without leveraging L3 VLAN’s.

Reference: http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-interfaces-bindng-SNIP-to-interface-tsk.html