NetScaler,NetScaler Gateway
NetScaler Gateway_all,NetScaler 10_1,NetScaler 10,NetScaler 9_3,NetScaler 10_5
This article contains information about Spanning Tree Protocol (STP) in the NetScaler Appliance.



Spanning Tree Protocol

STP is a link layer network protocol, commonly used on network switches, that avoids Layer 2 loops (bridge loops). The best practice is to disable STP on the interfaces that are connected to the NetScaler appliance, because STP can interfere with proper operation during the 30 to 50 seconds that the ports are in the LISTENING or LEARNING states. For instance, while the switch ports are in the LISTENING or LEARNING states:

  • The NetScaler appliances that are in a High Availability (HA) setup cannot receive HA heartbeats from their neighbor, which results in both nodes going into the PRIMARY state.
  • The NetScaler appliance might reset its interfaces to resolve an interface problem. The reset puts the port on the switch back into the LISTENING state, and this cycle could continue forever.
  • ARPs and GARPs might be lost, interfering with the operation between the primary and secondary appliances.

With L2 mode disabled (the default setting), the appliance does not switch packets between interfaces in the same virtual LAN, so a layer 2 loop cannot exist. Therefore, enabling STP on the interfaces connected to the appliance is not necessary. However, if STP must be enabled on the ports connected to the appliance, configure Rapid Spanning Tree Protocol (RSTP) to resolve the preceding issues.

In cases where L2 mode on the appliance should be enabled, you must consider the following aspects:

  • The NetScaler appliances do not participate in the spanning tree.
  • With mode Bridge BPDUs: OFF (the default mode), or with older NetScaler software releases that did not have the Bridge BPDUs mode as an option, the NetScaler appliance drops all BPDUs received on an interface.
  • With L2 mode enabled, the appliance switches other frames (such as broadcasts) between two interfaces configured in and connected to the same VLAN.

Taken together, the preceding aspects could lead to a switching loop that spanning tree might not be able to resolve. You must ensure that the network is loop-free at layer 2 before enabling L2 mode. Additionally, if L2 mode is a requirement, it is recommended to ensure that the NetScaler software release installed on the appliance includes the Bridge BPDUs mode and that the mode is in the ON state.
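A pre-change check for the L2-mode case above, as an added example (not Citrix code): it models the switches as a graph and reports appliance interface pairs that would close a loop the switches cannot see because the appliance drops BPDUs. The function name `hidden_loops`, the constructed topology, the treatment of every inter-switch link as carrying all VLANs, and the premise that Bridge BPDUs ON lets BPDUs pass through the appliance are assumptions.

```python
from itertools import combinations


def _find(parent, x):
    # Union-find lookup with path compression.
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def hidden_loops(switch_links, ns_ports, l2_mode, bridge_bpdus):
    """Return (vlan, if_a, if_b) triples where the appliance closes a
    layer 2 loop that the switches' spanning tree cannot detect."""
    # L2 mode off: the appliance does not switch frames between interfaces.
    if not l2_mode:
        return []
    # Assumption: with Bridge BPDUs ON the appliance passes BPDUs through,
    # so the switches see the loop and spanning tree can block a port.
    if bridge_bpdus:
        return []
    # Group switches into layer 2 domains (assumes links carry all VLANs).
    parent = {}
    for a, b in switch_links:
        parent[_find(parent, a)] = _find(parent, b)
    loops = []
    for (if_a, vlan_a, sw_a), (if_b, vlan_b, sw_b) in combinations(ns_ports, 2):
        # Two appliance interfaces in one VLAN that reach the same switch
        # domain form a second path between switches, with no BPDUs on it.
        if vlan_a == vlan_b and _find(parent, sw_a) == _find(parent, sw_b):
            loops.append((vlan_a, if_a, if_b))
    return loops


# Constructed topology: sw1 and sw2 are linked, sw3 is a separate segment.
SWITCH_LINKS = [("sw1", "sw2")]
# (appliance interface, VLAN, attached switch)
NS_PORTS = [("1/1", 10, "sw1"), ("1/2", 10, "sw2"),
            ("1/3", 20, "sw1"), ("1/4", 20, "sw3")]

if __name__ == "__main__":
    for vlan, a, b in hidden_loops(SWITCH_LINKS, NS_PORTS, True, False):
        print(f"VLAN {vlan}: interfaces {a} and {b} close a loop STP cannot see")
```

Interfaces 1/3 and 1/4 are not reported because the appliance only joins two otherwise separate segments there, which is bridging without a loop.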

