NetScaler VLANs Demystified


https://www.citrix.com/blogs/2014/12/29/netscaler-vlans-demystified/

The Citrix NetScaler appliance is an amazingly flexible Application Delivery Controller (ADC). It's capable of performing both simple and very complex tasks, positioning it solidly for the eighth consecutive year in the Gartner Leaders Quadrant for ADCs: http://www.citrix.com/news/announcements/oct-2014/Citrix-positioned-for-the-eighth-consecutive-year-in-the-leaders.html

Unlike many networking devices, the NetScaler uses 'floating' IP addresses, which means that any NetScaler-owned IP address can egress any NetScaler interface with the generic default 'vanilla' configuration in place.

This may actually be the desired configuration, but if there is a need to ensure that ingress and egress traffic flows out one particular interface on the NetScaler, this can simply be configured by using layer three (L3) VLANs to bind IP subnets to specific interfaces. With L3 VLANs configured, all traffic destined for a particular network/subnet will be forced out the desired interface.

Note: VLANs are actually layer two constructs, but the term L3 VLAN is used to describe the VLAN-to-IP subnet binding occurring.

How Does This All Work?

By default, all interfaces are members of native VLAN 1. That being said, specific to RX and TX, there are a few different rules to understand.

Below shows the structure of a VLAN packet:

Port-Based VLANs

Let's add a new VLAN to the NetScaler (VLAN 10). This new VLAN is created with the following command: 'add vlan 10'

Then let's bind interface 10/1 to the newly created VLAN natively. This is accomplished with the following command: 'bind vlan 10 -ifnum 10/1'

When bound natively, interface 10/1 is removed automatically from VLAN 1, the current native VLAN. It is then added to VLAN 10. When this configuration is implemented, the following rules then apply:

Tagged VLANs

Let's add a tagged VLAN to the NetScaler (VLAN 30). This new VLAN is created with the following command: 'add vlan 30'

Then let's bind interface 10/2 to the newly created VLAN as a tagged member. This is accomplished with the following command: 'bind vlan 30 -ifnum 10/2 -tagged'

When interface 10/2 is bound to VLAN 30 as a tagged member, it is kept in VLAN 1 as a native member, but also added to VLAN 30 as a tagged member. When this configuration is implemented, the following rules then apply:

Summary
    • An interface can have only one native VLAN (hence also referred to as 'port based').
    • Untagged packets arriving on an interface are assumed to have arrived on that native VLAN.
    • An interface can be part of any number of tagged VLANs.
    • When an interface is bound to a VLAN natively, its native VLAN changes from the current one to the new one.
    • When an interface is bound to a particular VLAN as a tagged member, it is just added to the new VLAN as a tagged member.

An overview of the rules is as follows:

The Interface tagall Configuration

The tagall configuration on the NetScaler is specific only to the interface. The following rules apply when leveraging the tagall feature:

Link Aggregation (LA)

Let's create a new link aggregation channel. This new LA channel is created with the following command: 'add channel LA/1'

Then let's bind interfaces 10/1 and 10/2 to the newly created channel with the following command: 'bind channel LA/1 -ifnum 10/1 10/2'

The following rules then apply for the default LA channel:

Link Aggregation (LA) and VLANs

Let's create a new link aggregation channel (LA/2). This new LA channel is created with the following command: 'add channel LA/2'

Then let's bind interfaces 10/1 and 10/2 to the newly created channel with the following command: 'bind channel LA/2 -ifnum 10/1 10/2' (as referenced previously, the VLAN bindings of 10/1 and 10/2 are lost once they are part of an LA channel, unless specifically configured as such, as we'll see in the following example).

We can bind the new LA channel to a new VLAN with the following commands: 'add vlan 2' and then 'bind vlan 2 -ifnum LA/2'

NOTES:
    1. If we unbind interfaces 10/1 and 10/2 (for example) from an LA channel (e.g. 'unbind channel LA/1 -ifnum 10/1 10/2') and then remove the channel with the following command: 'rm channel LA/1', then interfaces 10/1 and 10/2 will be moved to VLAN 1 as native members again.
    2. The NetScaler does not have the concept of "trunk ports", which by default would accept all VLAN IDs and only accept tagged traffic. Further restrictions on which VLANs to accept can be controlled by configuring an 'allowed list' of VLAN IDs on a particular interface.
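
The native/tagged and LA channel rules described above can be replayed against a list of configuration commands to see where each port ends up. This Python example is added here and is not Citrix code; the function names, the sample lists, the choice to skip VLAN bindings aimed at a channel member, and treating an unbound member as back in VLAN 1 immediately (a simplification of note 1) are assumptions of the example.

```python
def _ifnums(tok):
    """Names listed after -ifnum, up to the next option."""
    rest = tok[tok.index("-ifnum") + 1:] if "-ifnum" in tok else []
    stop = next((n for n, t in enumerate(rest) if t.startswith("-")), len(rest))
    return rest[:stop]


def vlan_membership(commands, interfaces):
    """Map each port (interface or LA channel) to (native VLAN, tagged VLANs)."""
    native = {i: 1 for i in interfaces}   # default: native member of VLAN 1
    tagged = {i: set() for i in interfaces}
    for line in commands:
        tok = [t.lower() if t.startswith("-") else t for t in line.split()]
        if len(tok) < 3:
            continue
        action, name = (tok[0].lower(), tok[1].lower()), tok[2]
        if action == ("add", "channel"):
            native[name], tagged[name] = 1, set()
        elif action == ("bind", "channel"):
            for port in _ifnums(tok):     # members lose their own VLAN bindings
                native.pop(port, None)
                tagged.pop(port, None)
        elif action == ("unbind", "channel"):
            for port in _ifnums(tok):     # assumption: back to VLAN 1 at once
                native[port], tagged[port] = 1, set()
        elif action == ("rm", "channel"):
            native.pop(name, None)
            tagged.pop(name, None)
        elif action == ("bind", "vlan"):
            for port in _ifnums(tok):
                if port not in native:
                    continue              # channel member: skipped (assumption)
                if "-tagged" in tok:
                    tagged[port].add(int(name))
                else:
                    native[port] = int(name)   # replaces the previous native VLAN
    return {p: (native[p], sorted(tagged[p])) for p in native}


def still_on_vlan1(membership):
    """Ports whose native VLAN is still the default VLAN 1."""
    return sorted(p for p, (nat, _) in membership.items() if nat == 1)


# Constructed samples: the commands used in this article, in order.
SAMPLE = ["add vlan 10", "bind vlan 10 -ifnum 10/1",
          "add vlan 30", "bind vlan 30 -ifnum 10/2 -tagged"]
LA_SAMPLE = SAMPLE + ["add channel LA/2", "bind channel LA/2 -ifnum 10/1 10/2",
                      "add vlan 2", "bind vlan 2 -ifnum LA/2"]
```

Calling `still_on_vlan1(vlan_membership(SAMPLE, ["10/1", "10/2", "10/3"]))` lists the ports that untagged traffic would still reach through the default VLAN.
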
Additional References:

How to Associate an IP Subnet with a NetScaler Interface by Using VLANs: http://support.citrix.com/article/ctx136926

How to Restrict the Management Access to a NetScaler Appliance from a Specific Interface: http://support.citrix.com/article/ctx126038
