Citrix SD-WAN

Inline mode

This article provides the detail on configuring a branch with Inline Deployment mode. In this mode, the SD-WAN appliance appears to be an Ethernet bridge. Most of the SD-WAN appliance models include a fail-to-wire (Ethernet bypass) feature for inline mode. If power fails, a relay closes and the input and output ports become electrically connected, allowing the Ethernet signal to pass through from one port to another. In the fail-to-wire mode, the SD-WAN appliance looks like a cross-over cable connecting the two ports.

In the following diagram interfaces 1/1 and 1/2 are hardware bypass pairs and will fail-to-wire connecting the Core to the edge MPLS Router. Interfaces 1/3 and 1/4 are also hardware bypass pairs and will fail-to-wire connecting the Core to the edge Firewall.

Inline mode

Branch site inline deployment configuration

Following are the high-level configuration steps to configure Branch site for Inline deployment:

  1. Create a Branch site.
  2. Populate Interface Groups based on connected Ethernet interfaces.
  3. Create Virtual IP address for each virtual interface.
  4. Populate WAN links based on physical rate and not burst speeds using Internet and MPLS Links.
  5. Populate Routes if there are more subnets in the LAN infrastructure.

To create a Branch site

  1. Navigate to Configuration Editor > Sites, and click + Add button.
  2. Keep default settings unless instructed to change.

    Inline mode adds site

    Inline mode basic setting

To populate interface groups based on connected Ethernet interfaces

  1. In the Configuration Editor, navigate to Sites > View Site > [Client Site Name] > Interface Groups. Click + to add interfaces intended to be used. For Inline Mode, each Interface Group is assigned two Ethernet interfaces.

  2. Bypass mode is set to fail-to-wire and Bridge Pair is created using the two Ethernet interfaces.

  3. Refer to the sample topology above and populate the Interface Groups fields as shown below.

    Inline mode interface group

To create Virtual IP (VIP) address for each virtual interface

  1. Create a Virtual IP address on the appropriate subnet for each WAN Link. VIPs are used for communication between two SD-WAN appliances in the Virtual WAN environment.

    Inline mode virtual IP

  1. Navigate to WAN Links, click + button to add a WAN Link for the Internet link.

  2. Populate Internet link details, including the Auto Detect Public IP address as shown below.

  3. Navigate to Access Interfaces, click + button to add interface details specific for the Internet link.

  4. Populate Access Interface for IP address and gateway as shown below.

    Inline mode WAN link 1

    Inline mode WAN link 1

  1. Navigate to WAN Links, click + button to add a WAN Link for the MPLS link.

  2. Populate MPLS link details as shown below.

  3. Navigate to Access Interfaces, click + button to add interface details specific for the MPLS link.

  4. Populate Access Interface for IP address and gateway as shown below.

    Inline mode MPLS 1

    Inline mode MPLS 1

To populate routes

Routes are auto-created based on above configuration. In case there are more subnets specific to this remote branch office, then specific routes need to be added identifying which gateway to direct traffic to reach those back end subnets.

Inline mode populates route