NetScaler Traffic Domains

 NetScaler Traffic Domains

Last Updated: [last-modified] (UTC)


A NetScaler may use Traffic Domains to keep traffic separate. This is a lot like a VRF in a router and allows overlapping IP address space.

Traffic Domains may provide some basic traffic engineering. You may have a traffic domain for external services and another for internal.

Traffic separation is one of the ways that NetScaler enables multitenancy. Other options include the SDX, which hosts one or more VPX instances. and Admin Partitions.

Admin Partitions are quite similar, as they also separate traffic. Admin partitions also include separate management, which is a distinct advantage. You may also nest Traffic Domains within Admin Partitions.

This feature was originally introduced in NetScaler 10.0 as a ‘hidden’ CLI feature. This was later added to the GUI in version 10.1.



How Traffic Domains Work

When creating a traffic domain, you give it a unique ID. This identifies each traffic domain. The default traffic domain has an ID of zero and is like the global VRF in a router. All objects are part of the default traffic domain unless specified otherwise. You cannot remove the default domain.

VLANs are bound to a single traffic domain only. When a VLAN is bound to a traffic domain, it cannot be bound to another traffic domain. Objects, like virtual servers, can belong to traffic domains.

Once an object is in a traffic domain, it is isolated from objects in other domains. Addressing can even overlap if necessary.

There is a caveat with this. Some features will not work with traffic domains. GSLB and ADNS are examples of this. Check Citrix’s supported features list to see what’s available on your version.




Before configuring traffic domains, create any VLANs you may need.


Creating Traffic Domains

CLI Configuration

As shown below, follow this process to create traffic domains:

  1. Add the domain, and assign an ID
  2. Bind a VLAN to the traffic domain
  3. Verify the traffic domain details
! Configure traffic domains
add ns traffic domain ID
bind ns trafficdomain ID -vlan ID

! Verify traffic domains
show ns trafficdomain ID


GUI Configuration

  1. Browse to System -> Network -> Traffic Domains
  2. Click Add
  3. Enter an ID and optionally an Alias
  4. Go to the VLAN Bindings tab
  5. Add VLANs as required


Using Traffic Domains

When creating objects, there is usually an option to assign them to a traffic domain. In the GUI, look for the Traffic Domain drop-down, and select the domain you need.


In the CLI, objects usually have a -td option. This assigns the object to the domain using the ID.

CLI Example
! Add a route into traffic domain 10
add route -td 10




Citrix – Traffic Domains

Citrix – NetScaler Traffic Domains: A multi-tenancy alternative


Leave a Reply