Jump to content
Welcome to our new Citrix community!

Traffic Domain Functional Improtance on Netscaler ADC

Sudhir Bhagat

Recommended Posts

Hi All, 


Would like to have easy understanding on the Importance of "TRAFFIC DOMAIN" while configuring Virtual Servers, Services or Service Group on ADC in terms of configuration best practices & security aspects.


In our case, we do have multiple environments where we want to (preferably) configure separate Traffic Domains for each environment. Eg:


-For UAT environment Virtual Servers/Services/Service Group , Traffic Domain-1 ,

-For Testing environment Virtual Servers/Services/Service Group, Traffic Domain-2

-For production environment Virtual Servers/Services/Service Group , Traffic Domain-3 and so on....


Second, if we keep the same traffic domain for all the environments , For eg Traffic Domain-1 or keep all configurations in DEFAULT Traffic Domain-0 ....then what may be the future limitation in regards with the day to day support or troubleshooting etc.  


Overall at last, What is the recommendation on Traffic Domain configuration. Should it be kept Same or Different for different environment & What if we can configure all services under Default Traffic Domain - 0.






Link to comment
Share on other sites

The way that I have always envisioned and used them is almost as a VLAN, or better yet, a way to group multiple VLANs together. if you are familiar with Networking concepts. I would say that they serve the purpose of segmenting groups of traffic away from other groups of traffic. The way we have used them in our environment is just that, logical separation between different types of traffic.


You could theoretically use them to separate different environments like dev, test, staging, production as an example but one thing to keep in mind is the platform you are running on. All of that traffic is still going to share hardware resources so personally I would not design my environment like that as you do not want load testing in lower environments to affect your production environment if you experience resource exhaustion on your VPX. 


We, the network team, in our company manages our Netscaler and we have aligned our use of traffic domains up to our internal network segments, which represent a logical grouping of applications depending on what their function is.


Keep in mind that there are some caveats that come with the use of traffic domains, like for instance all of your resources in line with VIP traffic (LB vServer, Service/servicegroup/servers) all need to be within the same traffic domain and cannot be bound to resource in another traffic domain. 


The use of traffic domains for you will be dependent on your need to separate different types of traffic away from other types of traffic and security policies.


I don't think their use is limited to just this and I am just speaking from my experience, I am sure people have used them in many different ways.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...