The NetScaler appliance is an extremely flexible application delivery controller (ADC). With the default configuration in place, the NetScaler IP addresses are ‘floating’, which means that they are not restricted to any particular interface. Additionally with a High Availability (HA) configuration in place, all of the NetScaler-owned IP addresses (apart from the NSIP – the NetScaler IP Address) will be shared across the HA pair. This will include SNIP’s, MIP’s (decremented) and VIP’s.
When the HA pair experiences a failover, whether forced or not, the NetScaler will GARP (gratuitous ARP) the new IP-to-MAC address binding for the newly established Primary NetScaler. More details about GARP can be found here: http://support.citrix.com/article/ctx109980. This GARP behavior is to advertise to partner-attached NetScaler devices that the IP-to-MAC address has changed, and hence forward traffic to the new Primary NetScaler.
The NetScaler MAC addresses are not floating by default; just the IP addresses. This may cause issues with an older network switch connected to the NetScaler, or perhaps a firewall (FW) that does not understand GARP. In the event that a switch or FW does not understand GARP, or may not be able to keep up with the rate at which the GARP’s are sent during an HA failover event (approximately 200/s), the NetScaler can be configured with VMAC to create a floating MAC address to pair up with the floating IP addresses. This will solve the potential issues associated with GARP’s from the NetScaler.
When the HA failover event occurs, the NetScaler will continue to advertise GARPs, but the downstream devices will not see a new IP-to-MAC address binding, and as such will continue to forward traffic to the known IP/MAC address, preventing the network from ‘black-holing’ the packets.
To configure VMAC on your NetScaler HA pair, please follow the example provided below. As a note, the VRID configured below will basically change the MAC address for each respective interface configured on, and then will be a floating MAC across the HA pair):
To configure VMAC on a NetScaler appliance, complete the following procedure:
Run the following command to create a VRID (Virtual Router ID):
> add vrid <Number>
Run the following command to bind the VRID to an interface:
>bind vrid <Number> -ifnum <Interface_Number>
If you need to display the VMAC configured, run the following command:
> show vrid <Number>
If you need to unbind the VRID from an interface, run the following commands:
> unbind vrid <vrid number> <Interface_Number>
If you want to remove the VMAC, run the following command:
> rm vrid <Number>
Note: There is no need to reboot the NetScaler Appliance after VMAC is configured.
Resources:
How to Configure VMAC on a NetScaler Appliance: http://support.citrix.com/article/CTX121681
VMAC Addresses for NetScaler VPX Appliance Hosted on VMWare EsXi: http://support.citrix.com/article/CTX129008
Recommended Settings and Best Practices for a Generic Implementation of a NetScaler Appliance: http://support.citrix.com/article/CTX121149