Historically, Application Delivery Controllers (ADCs) typically worked on lower-layer broadcast domains with no logical separation. In TCP/IP networking terms, these domains are configured and set up at Layer 2. VLANs are just one example of creating such smaller domains. But VLANs have limited visibility and reach within Layer 2/3. As a result, ADC appliances had reduced traffic perceptibility, and upper-layer protocols and applications did not get all the benefits. Yet multi-tenant environments frequently require that the same IP addresses be supported across multiple distinct customer networks.

NetScaler with “traffic domains” provides visibility all the way to Layer 7 and to the core applications. Such domains enable overlapping back-end IP address spaces within a single instance. Admins can now associate a traffic domain with a VLAN and then, for that VLAN/traffic domain, freely use any IP address for SNIPs, VIPs and back-end services without having to worry about IP conflicts between different traffic domains. A key advantage is the segregation of applications within a single appliance: applications within a specified domain can only see packets belonging to that domain.
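
The association described above, sketched in NetScaler CLI as an added example (not configuration from the original article). The traffic domain IDs, VLAN IDs, interface numbers, entity names and addresses are all constructed for illustration; two tenants deliberately reuse the same 192.168.10.0/24 space.

```netscaler
# Constructed example: IDs, interfaces, names and addresses are illustrative only.

# Tenant A: traffic domain 10, reached through VLAN 10 on interface 1/2
add ns trafficDomain 10
add vlan 10
bind vlan 10 -ifnum 1/2
bind ns trafficDomain 10 -vlan 10
add ns ip 192.168.10.1 255.255.255.0 -type SNIP -td 10
add service svc_tenantA 192.168.10.20 HTTP 80 -td 10
add lb vserver vs_tenantA HTTP 192.168.10.100 80 -td 10
bind lb vserver vs_tenantA svc_tenantA

# Tenant B: traffic domain 20, reached through VLAN 20 on interface 1/3.
# The SNIP, VIP and service addresses are identical to tenant A's;
# the -td value is what keeps the two address spaces apart.
add ns trafficDomain 20
add vlan 20
bind vlan 20 -ifnum 1/3
bind ns trafficDomain 20 -vlan 20
add ns ip 192.168.10.1 255.255.255.0 -type SNIP -td 20
add service svc_tenantB 192.168.10.20 HTTP 80 -td 20
add lb vserver vs_tenantB HTTP 192.168.10.100 80 -td 20
bind lb vserver vs_tenantB svc_tenantB

# Review check: an entity created without -td belongs to the default
# traffic domain (ID 0), so confirm every tenant object carries its -td.
show ns trafficDomain
```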

The principal deployment scenario for traffic domains is multi-tenancy: having separate routing/traffic flows within a single NetScaler appliance, physical or virtual. Configuring traffic domains creates multiple virtual NetScaler instances with IP duplication within the same network and environment. Administrators can define multiple networks based on VLAN and manage them independently. IP addresses and corresponding IP-based routing policies can overlap without risk of leaking traffic from one network to another. Each customer is completely private.

NetScaler traffic domains provide a very cost-effective way to deploy “load balancing-as-a-service” in a cloud environment, among many other user scenarios. So while you may not need the full power of NetScaler SDX multi-tenant solutions with their complete isolation of compute processing, memory, SSL and I/O, it’s nice to know you have an alternative.