Deploy SD-WAN Standard Edition instances in High Availability mode in Azure - Release Version 10.2

The Citrix SD-WAN Azure solution deploys Citrix SD-WAN in Edge Gateway Mode as a single instance or as a clustered pair for High Availability (HA). In an HA deployment, an Azure Load Balancer (ALB) controls failover between the WAN interfaces of the Citrix SD-WAN appliances, and the appliances themselves update the Azure Route Table (RT) to control failover on the LAN side. The HA deployment automatically creates the ALB, named sdwanhalb, and the RT, named SdWanRouteTable.

The following diagram illustrates the Citrix SD-WAN Azure HA deployment:

localized image

The SD-WAN Standard Edition instance in Azure must be deployed in Edge or Gateway mode, where the SD-WAN instance acts as the gateway for the LAN environment. For more information, see Gateway mode.

How to deploy Citrix SD-WAN

To deploy Citrix SD-WAN in high availability:

For the deployment, an Azure VNET is required. Either create a VNET during deployment or choose an existing VNET for the Citrix SD-WAN.

Following is a screenshot of the subnetting in the VNET used in this topic.

localized image

  1. Create an Azure resource. Search for SD-WAN and select WAN Standard Edition release 10.2.

  2. Configure the basic settings page and provide the Resource group name.

    localized image

    Note: To create an instance, either create a new resource group or reuse an existing resource group that is empty.

  3. Name the Virtual Machine, select Enabled for HA Deployment Mode, and create a Username and Password.

    Note: Use admin as the username to obtain admin access along with the password set in this step. The default password does not work.

    localized image

  4. Configure the SD-WAN settings. Select the subnets for management, LAN, and WAN traffic. Public IP addresses are automatically assigned to the management interface, for accessing the management UI of the instance, and to the WAN interface, for establishing virtual paths with the peer SD-WAN instance. The aux subnet is used for exchanging heartbeats between the pair of SD-WAN instances.

    localized image


  5. Choose the instance type on which to run the image, according to your requirements:

    • Instance type D3_V2 for max throughput of 200 Mbps with 16 max virtual paths/branches.
    • Instance type D4_V2 for max throughput of 500 Mbps with 16 max virtual paths/branches.
    • Instance type F8 standard for max throughput of 1 Gbps with 64 max virtual paths/branches.
    • Instance type F16 standard for max throughput of 1 Gbps with 128 max virtual paths/branches.

    localized image

  6. In step 5, validate the configuration and then create the SD-WAN HA pair. Proceed to configuring the Citrix SD-WAN appliances.

    localized image


How to configure Citrix SD-WAN HA in Azure

  1. Determine the IP addresses assigned to the SD-WAN interfaces. Navigate to Virtual Machines > SDWSEA (or as appropriate) > Networking, and examine the IP of each Azure Network Interface.

    • In this deployment, SDWSEA Interface 0 for Management is 10.100.254.4/13.67.93.144.

      localized image

    • The SDWSEA Interface 1 LAN VIP is 10.100.1.4.

      localized image

    • The SDWSEA Interface 2 WAN VIP is 10.100.0.4.

      localized image

    • The SDWSEA Interface 3 HA Tracking IP (not VIP) is 10.100.253.4.

      localized image

    • Repeat the procedure for the secondary Citrix SD-WAN appliance.

  2. Determine the SD-WAN ALB Public IP. Navigate to Load Balancers > sdwanhalb. Select the correct ALB based on the Resource Group created during the deployment. In this environment, the SD-WAN WAN link public IP address.

    localized image

  3. Proceed to the SD-WAN MCN appliance or SD-WAN Center to configure the SD-WAN HA site. In this topic, the SDWSEA and SDWSEASec appliances are the MCN appliances.

  4. The SDWANSEA and SDWANSEASec Interface Group configuration is provided as follows. Note that the interfaces are set to fail-to-block, as Edge Gateway Mode requires. The WAN interface must be set to Trusted to accept connections from the ALB.

    localized image

  5. The Virtual IP configuration is provided as follows. Note that the HA VIP is not the IP address assigned to Interface 3. Use an available IP address in the appropriate subnet, not the IP assigned to the Citrix SD-WAN appliances. Note that only one VIP in each subnet is the Identity IP.

    localized image

  6. The SDWANSEA WAN Link settings are provided as follows. Note the Public IP address. The SD-WAN license determines the bandwidth settings.

    localized image

  7. The Access Interface settings are as follows. The 10.100.0.1 IP is an Azure reserved IP.

    localized image

  8. HA settings are as follows.

    localized image

  9. Add an export route for the VNET, with the SDWSEA-LAN Azure reserved IP as the gateway, if the SD-WAN is to route to and from more than the SDWSEA-LAN subnet.

    localized image

  10. In the Azure route table, the names of routes that the SDWSEA appliances control should start with SEAvnetSDWgw. This diagram shows the WAN sites in the SDWANSEA deployment.

    localized image

    • Route table when the SDWSEA appliance is active.

    localized image

    • Route table when SDWSEASec appliance is active.

    localized image
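The LAN-side failover described in step 10 can be checked from a route-table export. This is an added example, not Citrix code: it audits the SEAvnetSDWgw routes and reports which appliance currently owns them. It assumes the next hops are the appliances' LAN interface IPs; the SDWSEASec address, the route names after the prefix, and the sample JSON are constructed.

```python
import json

ROUTE_PREFIX = "SEAvnetSDWgw"  # route-name prefix given on the page
# Assumption: next hops are the appliances' LAN interface IPs. 10.100.1.4 is
# SDWSEA's LAN IP from the page; 10.100.1.5 for SDWSEASec is a placeholder.
LAN_IPS = {"10.100.1.4": "SDWSEA", "10.100.1.5": "SDWSEASec"}

# Constructed sample shaped like `az network route-table route list -o json`.
SAMPLE_ROUTES = json.loads("""[
 {"name": "SEAvnetSDWgw-site1", "addressPrefix": "172.16.10.0/24",
  "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.100.1.4"},
 {"name": "SEAvnetSDWgw-site2", "addressPrefix": "172.16.20.0/24",
  "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.100.1.4"},
 {"name": "other-team-route", "addressPrefix": "192.168.0.0/16",
  "nextHopType": "VnetLocal", "nextHopIpAddress": null}
]""")

def audit_routes(routes, lan_ips=LAN_IPS, prefix=ROUTE_PREFIX):
    """Return (active_appliance_or_None, findings) for SD-WAN-controlled routes."""
    findings, owners = [], set()
    managed = [r for r in routes if r.get("name", "").startswith(prefix)]
    if not managed:
        findings.append(f"no routes named {prefix}*: appliances are not updating the table")
    for r in managed:
        hop = r.get("nextHopIpAddress")
        if r.get("nextHopType") != "VirtualAppliance":
            findings.append(f"{r['name']}: next hop type {r.get('nextHopType')}, "
                            "expected VirtualAppliance")
        elif hop not in lan_ips:
            findings.append(f"{r['name']}: next hop {hop} is not an SD-WAN LAN interface")
        else:
            owners.add(lan_ips[hop])
    if len(owners) > 1:
        findings.append("split next hops: routes point at both appliances")
    active = owners.pop() if len(owners) == 1 else None
    return active, findings

if __name__ == "__main__":
    print(audit_routes(SAMPLE_ROUTES))
```

To run it against a live deployment, replace the sample with the output of `az network route-table route list --resource-group <resource-group> --route-table-name SdWanRouteTable -o json` and set the LAN IPs to those found in step 1.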
