You can associate a traffic domain with a VMAC (Virtual Mac) address instead of with VLANs. The NetScaler intelligently uses the traffic domains VMAC address in ALL RESPONSES TO ARP for entities in that same traffic domain.

Things to note about VMAC based Traffic Domains:

• VMAC based traffic domains are easiest way to achieve network traffic segregation.

• Because VMAC based traffic domains segregate network traffic based on VMAC addresses and not VLANS, you cannot create duplicate IP addresses on different VMAC based traffic domains on a NetScaler ADC.

• VMAC based traffic domains do not work when the NetScaler is deployed only in L2 Mode.

• Both VLAN and VMAC based traffic domains can coexist on a NetScaler ADC. VMAC based traffic domains actually runs on all VLANs that are not bound to any VLAN based traffic domain.

Complete the following steps to associate a traffic domain with a VMAC address instead of VLANs:
Note:In this article two StoreFront servers are segregated in the same network.

1. Create a VMAC based traffic domain:
   add ns trafficDomain <td> -vmac  ENABLED
   Add ns trafficDomain 3 -vmac ENABLED
   Add ns trafficDomain 4 -vmac ENABLED

   

2. Configure a SNIP address:
   add ns ip <IPAddress> <netmask> -type SNIP –td <id>
   Add ns ip 10.25.249.113 255.255.255.192 SNIP -td 3
   Add ns ip 10.25.249.114  255.255.255.192 SNIP -td 4

   

3. Create a service:
   add service <name> <IP> <serviceType> <port> -td <id>
   Add service  Minnys_SF_TD3 80 10.25.249.84 -td 3
   Add service Minnys_SF_TD4 80 10.25.249.85 -td 4

   

4. Create a load balancing virtual server:
   add lb vserver <name> <serviceType> <IPAddress> <port> -td <id>
   add lb vserver LBVS-TD3 HTTP 10.25.249.3 80 -td 3
   add lb vserver LBVS-TD4 HTTP 10.25.249.4 80 -td 4

   

5. Bind the services:
   bind lb vserver LBVS-TD3 Minnys_SF_TD3
   bind lb vserver LBVS-TD4 Minnys_SF_TD4

6. Verify the ARP table.
   Default traffic domain = 0 (notice the MAC address)
   Traffic domain 3 and 4 have different MAC addresses.

   

While binding the services if you encounter the following error message then deleted the StoreFront server .90 and .91. Add the service with the StoreFront servers in the respective traffic domains.

Use Cases

Segregating Traffic Based on MAC Address

Consider a scenario in which there are two traffic domains "1" and "2". NetScaler will create a VMAC address VMAC1 to be associated with traffic domain "1" and creates another VMAC address VMAC2 to be associated with traffic domain "2". In order to segregate traffic based on MAC address, load balancing virtual server LBVS-TD1 is configured to load balance traffic between servers S1 and S2. A subnet SNIP1 is configured to enable the NetScaler to communicate with S1 and S2. Since there is an association between VMAC1 and traffic domain "1" NetScaler will send VMAC1 as MAC address in its ARP announcements and  ARP responses for LBVS-TD1 and SNIP1.

In a similar way, for traffic domain "2", an load balancing virtual server LBVS-TD2 is configured to load balance traffic between servers S3 and S4. Again a SNIP, SNIP2 is configured for enabling the NetScaler to communicate with servers S3 and S4. As VMAC2 is associated with traffic domain "2", NetScaler sends VMAC2 as MAC address in all ARP announcements and responses for LBVS-TD2 and SNIP2.

NetScaler can now segregate the traffic based on destination MAC address and send it to corresponding traffic domain "1" or "2".