
Question about environment


So I was given the responsibility of being primary support for our NetScaler environment, which consists of two SDXs, and then 3 instances on each, set up as HA pairs. Documentation is scarce and gives no justification or reasoning behind any of these configs. At a high level, instance 1 was supposed to handle our external vips in the dmz. The second instance was supposed to be for internal traffic, and the third instance our dev instance.
Currently:
    0/1 and 0/2 are on a switch with vlan 3 set up
    10/1 and 10/2 are configged as LA1 with VLANs 5 and 6 allowed at the switch (these are dmz vlans)
    10/3 and 10/4 are configged as LA2 with vlans 10, 11 and 12
All 3 VPXs are presented with LA/1 and LA/2.
For purposes of this discussion: our SDXs are on vlan 3, our NSIPs are all on vlan 10.
    Instance 1 NSIP gateway ip is on vlan 5 (not sure why gateway isn't on the same subnet as the ip)
    Instance 2 NSIP gateway ip is on vlan 11
    Instance 3 NSIP gateway is on vlan 10
On top of this, the vlans on these instances.. some are set to TAGGED None, while others are tagged. And all the vlans are bound to the correct interfaces, but none of them are bound in IP bindings, when I would have thought they should have been bound to the applicable snip for that subnet.

Everything I have read.. the NSIPs should have been on the same subnet as the SDXs' ips. Instead vlan 10 is a "systems admin" subnet that also has some vips set up for instance 2. Again everything is working, so I don't know how big of a deal this config actually is.

Second or third.. I lost track, the fact that all three VPXs also share the same interface channels. Generally instance 1 only uses LA/1 and that's the only snip set up there, and generally instances 2 and 3 only use LA/2, but each instance has its own snip in some of the same vlans/subnets. So again.. I don't know if I am playing with fire here and just waiting for something to break.. or this is a normal configuration. Should I be able to have a third vpx that shares the same interface and at the same time uses the same subnets/vlans (like for a prod and dev vserver, both ips in the same subnet, but would like the test vserver to be on that 3rd instance, while production was on the second)?

Again sorry for the long post.. just looking for some insight..


Thank you Carl for your reply.. I have been using your blogs/healthcheck/vpx documentation as reference in addition to the NetScaler documentation, which is part of why I am questioning how I am set up. That being said, if we have multiple instances sharing the same interfaces and vlans.. are there potential problems with vlans that, while associated with those instances, are not bound to any of the snips associated with that subnet?



Thank you again for your time.. I think I am misstating my confusion. Within the documentation for deploying a vpx, it mentions setting up vlans. It states you should add the vlan, bind it to the interface/channel, then bind it to the SNIP address so that all ips in that same subnet will use that snip (with the exception being the native vlan, as you will get an error if you try to associate the vlan with that SNIP). In our environment.. we have multiple vlans and they are bound to the interface.. but they are NOT bound to the snips associated with that vlan. Just wondering if that could present a problem.


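One way to check a saved config for the situation described in the last post (VLANs bound to an interface or channel but not to any IP), as an added example that is not part of the thread. The ns.conf excerpt is constructed, the function names are hypothetical, and the parser assumes the usual `add vlan`, `bind vlan ... -ifnum` and `bind vlan ... -IPAddress` line forms.

```python
import ipaddress

# Constructed ns.conf excerpt: VLAN IDs, channels and addresses are sample values.
SAMPLE_NS_CONF = """\
add ns ip 10.0.5.10 255.255.255.0 -type SNIP
add ns ip 10.0.11.10 255.255.255.0 -type SNIP
add vlan 5
add vlan 6
add vlan 11
bind vlan 5 -ifnum LA/1 -tagged
bind vlan 5 -IPAddress 10.0.5.10 255.255.255.0
bind vlan 6 -ifnum LA/1 -tagged
bind vlan 11 -ifnum LA/2
"""

def _opt(tokens, name, count=1):
    # Values that follow option `name` (matched case-insensitively), or [] if absent.
    lowered = [t.lower() for t in tokens]
    if name.lower() not in lowered:
        return []
    i = lowered.index(name.lower()) + 1
    return tokens[i:i + count]

def audit_vlan_bindings(conf_text):
    """Hypothetical helper: list VLANs bound to an interface/channel but to no IP."""
    vlans, snips = {}, []
    for line in conf_text.splitlines():
        tok = line.split()
        head = [t.lower() for t in tok[:3]]
        if head[:2] in (["add", "vlan"], ["bind", "vlan"]) and len(tok) > 2:
            entry = vlans.setdefault(tok[2], {"ifaces": [], "subnets": []})
            ifnum = _opt(tok, "-ifnum")  # assumes one interface per bind line
            if ifnum:
                mode = "tagged" if "-tagged" in line.lower().split() else "untagged"
                entry["ifaces"].append((ifnum[0], mode))
            ip = _opt(tok, "-IPAddress", 2)
            if len(ip) == 2:  # address plus netmask
                entry["subnets"].append(ipaddress.ip_network("/".join(ip), strict=False))
        elif head == ["add", "ns", "ip"] and _opt(tok, "-type") == ["SNIP"]:
            snips.append(ipaddress.ip_address(tok[3]))
    bound = [net for v in vlans.values() for net in v["subnets"]]
    return {
        "iface_only_vlans": {vid: v["ifaces"] for vid, v in vlans.items()
                             if v["ifaces"] and not v["subnets"]},
        "snips_outside_bound_subnets": [str(s) for s in snips
                                        if not any(s in net for net in bound)],
    }

if __name__ == "__main__":
    print(audit_vlan_bindings(SAMPLE_NS_CONF))
```

Running it against each instance's ns.conf gives a per-instance list to compare when several VPXs share the same channels and VLANs.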
