Restricting high availability synchronization traffic to a VLAN

In a high availability (HA) deployment, traffic related to maintaining the HA configuration flows between the two HA nodes. This traffic is of the following types:

  • Config synchronization
  • Config propagation
  • Connection mirroring
  • Load balancing persistency config synchronization
  • Persistent session synchronization
  • Session state synchronization

Proper flow of this HA related traffic between the two nodes is critical for the functioning of the HA deployment. Typically, the HA related traffic is small in volume but can become very high during a failover. It becomes very high if stateful connection failover is enabled and the node that was primary before the failover was handling a large number of connections.

By default, the HA related traffic flows through the VLANs to which the NSIP address is bound. To accommodate a potential surge in this traffic, you can separate the HA related traffic from the management traffic and restrict its flow to a separate VLAN. This VLAN is called the HA SYNC VLAN.

Points to consider before Configuring an HA SYNC VLAN

  • The configuration of an HA SYNC VLAN is neither propagated nor synchronized. In other words, the HA SYNC VLAN is node specific and is configured independently on each node.
  • HA SYNC VLAN configuration is removed when you clear the configuration in only FULL mode.
  • HA MON must be set to OFF for interfaces that are part of the HA SYNC VLAN, to avoid a situation in which both nodes function as the primary node.
  • Management interfaces (for example, 0/1 and 0/2) must not be part of the HA SYNC VLAN, so that HA related traffic does not flow through management interfaces.
  • Citrix recommends disabling high availability heartbeat messages on management interfaces and enabling on HA SYNC VLAN interfaces. After meeting these recommendations, high availability heartbeat messages can also be enabled on data interfaces.

    For more information on disabling high availability heartbeat messages on interfaces, see Managing high availability heartbeat messages on a Citrix ADC appliance.

To configure an HA SYNC VLAN on a Citrix ADC node, specify a configured VLAN with the HA SYNC VLAN parameter of the local node entity.

To configure an HA SYNC VLAN on a local node by using the command line: At the command prompt, type:

  • set ha node –syncvlan <VLANID>
  • show node

Parameter Description:

syncvlan (Sync VLAN) - VLAN on which HA related traffic is sent. This includes traffic for synchronization, propagation, connection mirroring, load balancing persistency, configuration synchronization, persistent session synchronization, and session state synchronization. However, HA heartbeats can use any interfaces.

To configure an HA SYNC VLAN on a node by using the GUI:

  1. Navigate to System > High Availability.
  2. Set the Sync VLAN parameter while modifying the local node.
Restricting high availability synchronization traffic to a VLAN