Thanks to Muthukumar Shunmugiah for helping put together this blog.

We often get queries on managing the HA traffic between the paired appliances and at times it can be confusing. This blog covers some key points that should help in HA deployments of varied kinds. 

  • To understand the reasons for an HA failover, please check the following link
  • Only NSIP is used to send the HA traffic
  • UDP ports 3003 and 3010 are used for HA communication
  • By default HA traffic is sent untagged
  • To send tagged HA traffic, use either the NSVLAN or the tagall option
  • Heartbeats are sent out of all the interfaces on which the peer NS can be reached / resolved
  • It is not necessary to send Heartbeats out of critical interfaces
  • When untagged HA traffic is required:
    • NSVLAN is not enabled: Traffic is sent out from all the interfaces on which the peer can be resolved
    • NSVLAN is enabled without tagging: Traffic is sent out only from those interfaces whose native VLAN is NSVLAN
    • On the device that is connected to NetScaler:
      • If more than one interface is connected between the NS and the connected device, the interfaces on the connected device shouldn’t have the same native VLAN
  • When the need is to send tagged traffic:
    • Enable NSVLAN with tagging: HA traffic is tagged with NSVLAN and is sent out only from those interfaces whose native VLAN is NSVLAN
    • Tagall: When tagall is enabled on an interface, traffic is sent tagged with that interface’s native VLAN
  • On the device that is connected to NetScaler:
    • Tagged VLAN must always be part of the allowed VLANs
    • Even the native VLAN must be part of the allowed VLANs
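
The rules above can be turned into a small pre-deployment check. This is an added example, not code from the original post or from Citrix: the function names, the dictionary layout and the sample topology are all hypothetical, and it assumes that NSVLAN takes precedence over per-interface tagall, which the post does not state.

```python
from collections import Counter

# Constructed sample topology (not from the original post).
NS_IFACES = {
    "1/1": {"native": 1,  "tagall": False, "peer_reachable": True},
    "1/2": {"native": 10, "tagall": True,  "peer_reachable": True},
    "1/3": {"native": 20, "tagall": False, "peer_reachable": False},
}
# Switch ports, keyed by the NetScaler interface each one connects to.
SWITCH_PORTS = {
    "1/1": {"native": 1,  "allowed": {1, 10}},
    "1/2": {"native": 1,  "allowed": {1, 20}},  # VLAN 10 left out on purpose
    "1/3": {"native": 20, "allowed": {20}},
}

def ha_egress(ifaces, nsvlan=None, nsvlan_tagged=False):
    """Map each interface that sends HA heartbeats to its VLAN tag (None = untagged)."""
    egress = {}
    for name, cfg in ifaces.items():
        if not cfg["peer_reachable"]:
            continue  # heartbeats only leave interfaces on which the peer resolves
        if nsvlan is not None:
            # NSVLAN enabled: only interfaces whose native VLAN is the NSVLAN send.
            # Assumption: NSVLAN takes precedence over per-interface tagall.
            if cfg["native"] == nsvlan:
                egress[name] = nsvlan if nsvlan_tagged else None
        else:
            egress[name] = cfg["native"] if cfg["tagall"] else None
    return egress

def audit_switch(egress, switch_ports):
    """Return findings where the connected device breaks the rules listed above."""
    findings = []
    for name, tag in egress.items():
        port = switch_ports[name]
        if tag is None:
            continue  # allowed-VLAN checks are applied here to tagged HA traffic only
        for vlan, what in ((tag, "HA tag"), (port["native"], "native")):
            if vlan not in port["allowed"]:
                findings.append(f"{name}: {what} VLAN {vlan} not in allowed VLANs")
    dup = Counter(switch_ports[n]["native"] for n, t in egress.items() if t is None)
    findings += [f"native VLAN {v} shared by {c} switch ports carrying untagged HA traffic"
                 for v, c in dup.items() if c > 1]
    return findings

if __name__ == "__main__":
    print(audit_switch(ha_egress(NS_IFACES), SWITCH_PORTS))
```
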