Question and Answers
这篇文章包含常见问题bout Citrix NetScaler MAC-Based Forwarding (MBF) feature.
- What is MBF?
- What logic does MBF follow to learn the MAC address of the upstream router?
- What is the expected behavior when MBF is disabled?
- What is MBF instant learning?
- What is the expected behavior when MBF instant learning is enabled?
- What is the expected behavior when MBF instant learning is disabled?
- How to view the MBF connection table?
- How to clear the MBF connection table for certain interfaces (without shutting down the network interfaces)?
- What is the impact when MBF is enabled?
Q. What is MBF?
A: MBF改变NetScaler电器线路的方式s the server replies back to clients. MBF caches the MAC address of the uplink router that forwarded the client request to the appliance. When a reply is received, it is passed through to the same router that sent the client request without going through any route lookup. If MBF is disabled, then the return path is determined by a route lookup, or is sent to the default route if no specific route exists.
Q. What logic does MBF follow to learn the MAC address of the upstream router?
A: The NetScaler appliance caches the MBF information when the Protocol Control Block (PCB) is created.
After this the appliance does not check for any MAC, VLAN, or channel updates on a per packet basis, and continues to use the cached information. When the appliance receives retransmissions from the client, the appliance verifies if the cached information has changed by comparing the incoming packet parameters with the cached values and updates, if required. If mbf_instant_learning is enabled, then the appliance verifies for any changes after every 100 milliseconds.
Q. What is the expected behavior when MBF is disabled?
A: When you disable MBF, the existing connections do routing per packet. If the routes are present for all the destinations, then there should not be any impact on the flow of traffic. However, if the flow of traffic is dependent on MBF, then disabling MBF leads into an interruption in the traffic flow and can lead to an outage.
When you disable MBF, all the new connections go through a route lookup and use the default routes or static routes configured in the appliance. The existing connections do routing per packet as soon as MBF is disabled.
Q. How to enable MBF instant learning?
A: Run the following command to enable MBF instant learning:
> set L2Param -mbfInstLearning ENABLED
Note: The nsapimgr command must be used from the shell prompt of the appliance when using NetScaler software release 9.2 and 9.3:
#nsapimgr -ys "mbf_instant_learning=1"
Q. What is the expected behavior when MBF instant learning is enabled?
A: The appliance verifies for any changes in the L2 parameters every 100 milliseconds by default when MBF instant learning is enabled.
There might be an increase of CPU usage because of the MAC comparison checks which the appliance does for detecting change in L2 parameters. However, the increase in CPU usage is not significant. The MBF instant learning is disabled by default.
Q. What is the expected behavior when MBF instant learning is disabled?
A: For client-side connections, if the client retransmits data, the appliance learns any changes in the L2 parameters from the incoming packet. But generally with HTTP, the client sends a request and then expects a response. Therefore, if after you send the request the client side router fails, then the client might not have any further data to send.
For back-end server-side connections, when the status of the server-side router is marked as DOWN, the appliance has to wait for the server to retransmit data for learning the MAC change. In addition, on the server-side the traffic is monitored and this monitoring learns the changed MAC. However, this is only if traffic is monitored.
If the status of interface is marked as DOWN (such as when the router goes down) then the appliance flushes the ARP entries which were learned from that interface. The appliance immediately learns the change in the L2 parameters.
Q. How to view the MBF connection table?
A: MBF on the NetScaler appliance does not maintain any table for mappings. For example, there is an ARP table and mappings with the interfaces, there is no table for MBF. However, run the following command to view the peer MAC, channel, and VLAN information:
# nsapimgr -s nsppeid=0 -d allnatpcbs
======================================================================================================= Displaying all NATPCB entries ... Index flags p-flags tran natpcb linkpcb remote-IP-port local-IP-port peer-vlan peer-channel peer-MAC-address 0 01000421 00000000 UDP 44C00000 00000000 127.0.0.1 514 10.102.169.220 6512 0 255 00:00:00:00:00:00 ======================================================================================================= #nsapimgr -s nsppeid=0 -d allpcbs ======================================================================================================= Displaying all PCB entries ... Index t_flags v_flags pcbdevno lnkdevno st remote-IP-port local-IP-port peer-vlan peer-channel peer-MAC-address 0 400000C2 00000000 1432815 0 10 127.0.0.1 7776 127.0.0.2 38266 1 19 00:25:90:15:61:52 =======================================================================================================
Q. How to clear the MBF connection table for certain interfaces (without shutting down the network interfaces)?
A: You cannot clear the MBF sessions on a per interface basis. MBF information is stored in every session in PCB and the MBF information is cleared as soon as the session is cleared.
Q: What is the impact when MBF is enabled?
A: Some deployment topologies may require the incoming and outgoing paths to flow through different routers. MAC-based forwarding would break this topology design.
Additional Resources
Citrix Documentation -Configuring MAC-Based Forwarding