Aug 09, 2017
NetScaler SD-WAN introduces support for dynamic routing protocols. This feature facilitates discovery of LAN subnets and advertises virtual path routes to work more seamlessly within networks using the BGP and OSPF protocols, allowing SD-WAN to be seamlessly deployed in an existing environment without the need for static route configurations and graceful router failover.
OSPF is a routing protocol developed for Internet Protocol (IP) networks by the Interior Gateway Protocol (IGP) group of the Internet Engineering Task Force (IETF). It includes the early version of OSI’s Intermediate System to Intermediate System (IS-IS) routing protocol.
The OSPF protocol is open, which means that its specification is in the public domain (RFC 1247). OSPF is based on the Shortest Path First (SPF) algorithm, also known as Dijkstra's algorithm. It is a link-state routing protocol that calls for sending Link-State Advertisements (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. OSPF routers accumulate link-state information, which is used by the SPF algorithm to calculate the shortest path to each node.
You can now configure NetScaler SD-WAN appliances (Standard and Enterprise Editions) to learn routes and advertise routes using OSPF.
NetScaler SD-WAN appliances do not participate as Designated Router (DR) or Backup Designated Router (BDR) on each multi-access network, because the default DR priority is set to “0”.
NetScaler SD-WAN appliances do not support summarization as an Area Border Router (ABR).
To configure OSPF:
1. In the Configuration Editor, navigate to Connections → [Site Name] → Route Learning → OSPF → Basic Settings and click the Edit icon.
2. Click the Enable checkbox and enter an optional Router ID.
If the Router ID is not specified, it will be auto-selected as the lowest Virtual IP hosted in the SD-WAN network.
3. Click the Advertise NetScaler SD-WAN Routes checkbox if you wish to advertise NetScaler SD-WAN Routes, and click Apply to enable OSPF. Advertising redistributes the SD-WAN virtual path routes to the peer routers with which adjacency or peering is established, so that those peers know they can reach those network prefixes through the SD-WAN network.
4. Expand OSPF → Area, and click Edit.
5. Enter an area ID to learn routes from and advertise to.
6. For sites with multiple Routing Domains, from the Virtual Interfaces panel, choose a Routing Domain from the drop-down menu as illustrated in the figure. The Routing Domain determines which Virtual Interfaces are available.
If there is only one Routing Domain configured, the Routing Domain column will not appear. If Identity is not checked for a specific Virtual IP Address, the associated Virtual Interface will not be available for IP services. For more information, see the Virtual IP Address Identity section.
7. Choose one of the available Virtual Interfaces from the Name drop-down menu. The Virtual Interface will determine the Source IP Address.
8. Enter the Interface Cost (10 is the default).
9. Choose an Authentication Type from the drop-down menu.
10. If you chose Password or MD5 in the previous step, enter the password in the associated text field.
11. In the Hello Interval field, enter the amount of time to wait between sending Hello protocol packets to directly connected neighbors (10 seconds is the default).
12. In the Dead Interval field, enter the amount of time to wait to receive a Hello protocol packet before marking a router as dead (40 seconds is the default).
13. Click Apply to save your changes.
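What the Password and MD5 authentication types from step 9 put on the wire, as an added example that is not Citrix code: it builds an OSPFv2 Hello with this page's default intervals and DR priority 0, using the RFC 2328 packet layout, and checks it the way a receiving neighbor would. The router ID 192.0.2.1, area 0 and the secret are constructed values, and the header checksum is left at zero.

```python
import hashlib
import hmac
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # 24-byte OSPFv2 packet header
AU_SIMPLE, AU_MD5 = 1, 2                   # AuType: simple password, cryptographic
ROUTER_ID = bytes([192, 0, 2, 1])          # constructed router ID


def hello_body(hello=10, dead=40, priority=0):
    """Hello body with this page's defaults (priority 0: never DR or BDR)."""
    return struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), hello, 0x02,
                       priority, dead, bytes(4), bytes(4))


def build(au_type, secret, seq=0, key_id=1):
    """Build a Hello for area 0 with the chosen authentication type."""
    body = hello_body()
    length = OSPF_HDR.size + len(body)
    if au_type == AU_SIMPLE:
        auth = secret.ljust(8, b"\0")[:8]                # password sent in clear
    else:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # key id, digest len, seq
    # Checksum stays 0: required for MD5, a simplification for the simple type.
    pkt = OSPF_HDR.pack(2, 1, length, ROUTER_ID, bytes(4), 0, au_type,
                        auth) + body
    if au_type == AU_MD5:  # digest is appended and not counted in `length`
        pkt += hashlib.md5(pkt + secret.ljust(16, b"\0")[:16]).digest()
    return pkt


def verify(pkt, secret, last_seq=0):
    """Receiver-side check; returns (accepted, reason)."""
    _, _, length, _, _, _, au_type, auth = OSPF_HDR.unpack_from(pkt)
    if au_type == AU_SIMPLE:
        ok = hmac.compare_digest(auth, secret.ljust(8, b"\0")[:8])
        return ok, "password matches" if ok else "password mismatch"
    _, _, dlen, seq = struct.unpack("!HBBI", auth)
    want = hashlib.md5(pkt[:length] + secret.ljust(16, b"\0")[:16]).digest()
    if not hmac.compare_digest(pkt[length:length + dlen], want):
        return False, "digest mismatch"
    if seq < last_seq:  # older than the last packet seen from this neighbor
        return False, "replayed sequence number"
    return True, "digest valid"


if __name__ == "__main__":
    print(b"s3cret" in build(AU_SIMPLE, b"s3cret"))  # secret readable in packet
    print(verify(build(AU_MD5, b"s3cret", seq=7), b"s3cret", last_seq=9))
```

With the Password type the secret itself is carried in every packet, while the MD5 type sends only a digest and a sequence number that lets the receiver reject replays.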
Stub areas are shielded from external routes and receive information about networks that belong to other areas of the same OSPF domain.
Enable the Stub Area check box.
BGP is an inter-autonomous system routing protocol. An autonomous network or group of networks is managed under a common administration and with common routing policies. BGP is used to exchange routing information for the Internet and is the protocol used between Internet Service Providers (ISPs). Customer networks deploy an Interior Gateway Protocol (IGP) such as RIP or OSPF for the exchange of routing information within their networks. Customers connect to ISPs, and ISPs use BGP to exchange customer and ISP routes. When BGP is used between Autonomous Systems (AS), the protocol is called External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is called Interior BGP (IBGP).
BGP is a robust and scalable routing protocol deployed on the Internet. To achieve scalability, BGP uses many route parameters called attributes to define routing policies and maintain a stable routing environment. BGP neighbors exchange full routing information when the TCP connection between neighbors is first established. When changes to the routing table are detected, the BGP routers send to their neighbors only those routes that have changed. BGP routers do not send periodic routing updates, and advertise only the optimal path to a destination network. You can configure NetScaler SD-WAN appliances to learn routes and advertise routes using BGP.
To configure BGP:
1. In the Configuration Editor, navigate to Connections → [Site Name] → Route Learning → BGP → Basic Settings and click the Edit icon.
2. Click the Enable checkbox and the Advertise NetScaler SD-WAN Routes checkbox if you want to advertise NetScaler SD-WAN Routes. Enter an optional Router ID, and enter the number of the Local Autonomous System to learn routes from and advertise routes to in the Local Autonomous System field. Advertising redistributes the SD-WAN virtual path routes to the peer routers with which adjacency or peering is established, so that those peers know they can reach those network prefixes through the SD-WAN network.
3. Click Apply to enable BGP.
4. Expand BGP → Basic Settings → Neighbors and click the Add (+) icon.
If there is only one Routing Domain configured, the Routing Domain column will not appear. If Identity is not checked for a specific Virtual IP Address (see the Virtual IP Address Identity section for more details), the associated Virtual Interface will not be available for IP services.
5. For Sites with multiple Routing Domains, choose a Routing Domain from the drop-down.
The Routing Domain determines which Virtual Interfaces are available.
6. Choose a Virtual Interface from the drop-down menu. The Virtual Interface will determine the Source IP Address.
7. Enter the IP Address of the IBGP Neighbor router in the Neighbor IP field.
8. In the Hold Time (s) field, enter the Hold Time, in seconds, to wait before declaring a neighbor down (the default is 180).
9. In the Local Preference (s) field, enter the Local Preference value, in seconds, which is used for selection from multiple BGP routes (the default is 100).
10. Click the IGP Metric checkbox to enable the comparison of internal distances to calculate the best route.
11. Click the Multi Hop checkbox to enable multiple hops for the route.
12. In the Password field, enter a password for MD5 authentication of BGP sessions (authentication is not required).
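How the password from step 12 protects a BGP session, as an added example that is not Citrix code. It assumes the Password field enables the TCP MD5 signature option of RFC 2385, the usual mechanism for MD5 authentication of BGP sessions, and signs and checks a constructed segment carrying a BGP KEEPALIVE. Addresses, ports, sequence numbers and the key are constructed, and the TCP checksum is left at zero.

```python
import hashlib
import hmac
import socket
import struct

BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # marker, length, type


def md5_digest(src, dst, segment, key):
    """RFC 2385 input order: pseudo-header, TCP header without options
    (checksum zeroed), segment data, then the shared key."""
    hdr_len = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed = segment[:16] + b"\0\0" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[hdr_len:] + key).digest()


def sign(src, dst, sport, dport, seq, ack, flags, data, key):
    """Build a TCP segment carrying option kind 19 (MD5 signature)."""
    # Data offset 10 words: 20-byte header + NOP, NOP, kind 19, len 18, digest.
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags,
                      65535, 0, 0)  # TCP checksum left 0 in this sketch
    unsigned = hdr + b"\x01\x01\x13\x12" + bytes(16) + data
    digest = md5_digest(src, dst, unsigned, key)  # option bytes are not hashed
    return hdr + b"\x01\x01\x13\x12" + digest + data


def verify(src, dst, segment, key):
    """Return True only if the segment carries a valid MD5 option."""
    hdr_len = (segment[12] >> 4) * 4
    opts, i = segment[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        size = opts[i + 1] if i + 1 < len(opts) else 0
        if size < 2:
            return False         # malformed option
        if kind == 19 and size == 18:
            return hmac.compare_digest(opts[i + 2:i + 18],
                                       md5_digest(src, dst, segment, key))
        i += size
    return False                 # unsigned segment: dropped when a key is set
```

Because the digest covers the addresses, ports and sequence numbers as well as the data, a peer configured with a password drops segments that lack the option or were produced without the key.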
Configuring Route Reflectors and Confederations for iBGP is not supported in a NetScaler SD-WAN network.
1. Navigate to Monitor → Statistics. Select Routes from the Show drop-down menu.
All functions for applicable Routes are supported in NetScaler SD-WAN regardless of whether a Route is Dynamic or Static.
NetScaler SD-WAN appliances connect to a switch on the LAN side and a router on the WAN side. As SD-WAN technology becomes more integral to Enterprise network deployments, SD-WAN appliances will replace the routers. SD-WAN implements the eBGP dynamic routing protocol to function as a dedicated routing device.
The SD-WAN appliance establishes neighborship with peer routers using eBGP on the WAN side and can learn routes from, and advertise routes to, its peers. You can choose whether to import and export eBGP learned routes on peer devices. SD-WAN static routes and virtual path learned routes can also be configured to be advertised to eBGP peers.
For more information, refer to the following use cases:
- SD-WAN site Communicating with non SD-WAN site over eBGP
- Communication Between SD-WAN sites Using Virtual Path and eBGP
- Implementing OSPF in one-arm topology
- OSPF Type5 to Type1 deployment in MPLS Network
- SD-WAN and non SD-WAN (third-party) appliance OSPF deployment
- Implementing OSPF using SD-WAN network with high-availability setup