Citrix SD-WAN

WAN optimization only with Premium (Enterprise) edition

The SD-WAN Premium (Enterprise) Edition appliances contain fully featured WAN Optimization functionality in addition to WAN Virtualization. Some customers prefer to implement WAN Optimization functionality before migrating to SD-WAN services. This deployment use case provides the steps to utilize Premium Edition appliances to utilize WAN optimization services.

Citrix SD-WAN Product Platform Editions include the following appliances:

  • SD-WAN: SD-WAN Standard Edition appliance

  • Premium (Enterprise): SD-WAN Premium Edition appliance

  • WANOP: SD-WAN WANOP Edition appliance

To integrate Premium (Enterprise) Edition appliances into an existing distributed WANOP network, you can configure SD-WAN (Physical or Virtual) appliance at the DC site as the MCN. The SD-WAN appliance manages all configuration of the network. A Virtual Path is established between the Branch site and MCN at the DC site. This Virtual Path is only used for sending control traffic between the appliances. At the branch appliance, the data traffic is processed as an intranet service. The intranet traffic is not encapsulated and traverses over existing WAN link to reach the DC site. A WANOP appliance at the DC site should be in the traffic path to provide end-to-end traffic optimization.

For customer sites that do not have SD-WAN hardware appliance at the head-end, VPX appliances in a HA pair (two Virtual WAN VPXs) can be used as MCN in one-arm mode.  For the one-arm mode, PBR rules on the third-party router are required to redirect traffic to the SD-WAN appliance.

This document assumes that the DC site appliances are deployed in HA mode for redundancy. The HA mode is not mandatory for this deployment.

Prerequisites

  • A pair of WANOP appliances and a pair of SD-WAN appliances deployed in HA mode at the DC site.

  • An Premium Edition appliance at the Branch site.

Network Topology

SD-WAN Standard edition and WANOP appliances in PBR deployment:

In the below illustration, both the SD-WAN SE and WAN OP appliances at the DC site are deployed in one-arm mode. The SD-WAN appliance supports PBR deployment while the WANOP appliance supports both PBR and WCCP.  The control traffic (Virtual Path traffic) received from WAN at the DC site is redirected to the SD-WAN appliance by the PBR Router. The data traffic is redirected to WAN Optimization appliance by the PBR Router.

Traffic flow for WAN to DC LAN:

  • CE (Customer Edge) Router -> PBR Router -> SD-WAN -> PBR Router -> LAN

  • CE (Customer Edge) Router -> PBR Router - > WAN OPT - > PBR Router- > LAN

The same traffic flow is followed in the reverse direction.

localized image

SD-WAN Standard Edition in PBR mode and WANOP in Inline Deployment:

In the below illustration, the SD-WAN appliance at the DC site is deployed in one-arm mode while the WANOP appliance is deployed in inline mode.

The control traffic (Virtual Path traffic) received from WAN at the DC site is redirected to the SD-WAN appliance by the PBR Router. The data traffic is forwarded to WAN Optimization appliance (inline) by the PBR Router.

Traffic flow for WAN to DC LAN:

  • CE (Customer Edge) Router - > PBR Router - > SD-WAN -> PBR Router - > LAN

  • CE (Customer Edge) Router - > PBR Router -> WAN OPT - > LAN

The same traffic flow is followed in the reverse direction.

localized image

Configuration Steps

  1. Configure the SD-WAN Appliance at DC [MCN] to establish Virtual Paths between DC and Branch sites.

    See, configuring virtual path service between MCN and clients.

  2. Configure Intranet Service at the DC site.

    1. On the MCN (DC site), go to Configuration > Virtual WAN > Configuration Editor > Connections > Site (DC)> Intranet Services. Click the [+] sign to add an Intranet Service.

    2. Select one or more WAN Links for Intranet Service, and then click Apply.

    3. Navigate to Routes under the same Site (DC), click [+] sign to add the remote network with cost lower than 5, and select click Add.

      For example, - Enter 192.168.1.0/24 in the Network IP address field with cost 4 and select Service Type as Intranet.

      Note

      Cost at each site should be less than 5 for the intranet route to take precedence.

  3. Configure Intranet Service at the Branch site.

    1. Repeat substeps a to c from step 2 above on the Branch site.

      For example, - Enter 172.16.1.0/24 in the Network IP address field with cost 4 and select Service Type as Intranet.

  4. Perform Change Management to upload and distribute configuration to the Branch site.

    See, Exporting configuration package and change management

    By default, the traffic is sent from Branch to DC through the Virtual Path.

    Note

    The PBR router should be configured to redirect traffic as per the deployment steps provided.

    For more information about configuring WAN Optimization, refer to: Enabling-configuring-wan-optimization.

WAN optimization only with Premium (Enterprise) edition