Citrix SD-WAN

Virtual inline mode

In virtual inline mode, the router uses routing protocol such as PBR, OSPF, or BGP to redirect incoming and outgoing WAN traffic to the appliance, and the appliance forwards the processed packets back to the router.

The following article describes the step-by-step procedure to configure two SD-WAN (SD-WAN SE) appliances:

  • Data Center appliance in virtual inline mode
  • Branch appliance in Inline mode
  • Routing protocol must be configured either at the core switch or further upstream at the router. The router must monitor the health of the SD-WAN appliance so that the appliance can be bypassed if it fails.
  • Virtual inline mode places the SD-WAN appliance physically out of path (one-arm deployment) that is, only a single Ethernet interface to be used (Example: Interface 1/5) with bypass mode set to fail-to-block (FTB). Citrix SD-WAN appliance must be configured to pass traffic to the proper gateway. Traffic intended for the Virtual Path is directed towards the SD-WAN appliance and then encapsulated and directed to the appropriate WAN link.

Gather information

Gather the following information required for configuring virtual inline mode:

  • Accurate network diagram of your local and remote sites including:
    • Local and Remote WAN links and their bandwidths in both directions, their subnets, Virtual IP Addresses and Gateways from each link, Routes, and VLANs.
  • Deployment Table

For information on SD-WAN Orchestrator service-based Virtual Inline mode deployment, see Interfaces.

The following is a sample network diagram and deployment table:

Data center topology – Virtual inline mode

Virtual inline mode

Resolving audit errors

After completing the configuration for Data Center and Branch sites, you will be alerted to resolve the audit errors on both DC and BR sites. Resolve the audit errors (if any).

Virtual inline mode