4000/5000 appliance can be deployed inline or in a
one-arm mode. Inline deployments do not require router
reconfiguration; one-arm modes do. SD-WAN
4000/5000 offers internal
port bypassing (fail-to-wire) to allow traffic to continue flowing
in inline mode if the appliance fails.
Note: Only the one-arm WCCP mode (with a single router) is documented at this time. Inline mode is not yet documented. Citrix recommends WCCP mode at this time.
4000/5000 models offer different
numbers of accelerated bridges. Models with multiple accelerated
bridges can accelerate multiple inline WAN links. See the
specifications sheet for more details, http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/SD-WAN-data-sheet.pdf.
Deploying a Single SD-WAN
4000/5000 Appliance (or HA Pair)
A standalone SD-WAN
appliance can be deployed in either of these two recommended modes:
- Inline, bridged (L2 inline). This closely resembles a standard SD-WAN inline deployment. Packets enter one bridge port and exit the other bridge port.
- One-arm, WCCP. This resembles a standard SD-WAN WCCP deployment.
Citrix also supports the following two modes (which are outside the scope of this document):
- Inline, routed. The NetScaler instance uses routing rules instead of bridging rules to determine how to forward packets.
- Virtual inline. This resembles WCCP, but lacks built-in health-checking.
In L2 inline mode, SD-WAN
4000/5000 is placed between your LAN and
your WAN router (or other aggregation point at the LAN-WAN
boundary). In a one-arm mode, SD-WAN
4000/5000 is generally connected
directly to a dedicated port on your WAN router.
In cases where the WAN router ports are not as
fast as the LAN (for example, when the WAN router has gigabit
Ethernet, but the LAN has10 gigabit Ethernet), inline mode provides
better performance, because its LAN-side traffic is not limited to
the speed of the router interface. (Compression allows the LAN-side
traffic to be much faster than WAN-bound traffic under favorable
inline modes require no reconfiguration of your routers, but
involves a service disruption when bringing the appliance into
- One-arm modes require router reconfiguration but do not require a
- Inline mode has higher performance than the other modes.
- One-arm modes are
limited to half the speed of the router or switch port they are
- With WCCP mode, configuring the router to send only a fraction of
the WAN traffic to SD-WAN
4000/5000 (as little as the traffic from a
single remote site or even a single remote IP address) makes it
easy to bring up and test the installation gradually. Inline mode
requires that all WAN traffic pass through the appliance.
- WCCP mode requires more configuration of the SD-WAN
4000/5000 appliance than do
other modes, but is more standardized and provides more status
information on the router.
greater control provided by WCCP, and especially the ability to put
the deployment into service in stages, makes WCCP the mode of
choice for larger, more complex datacenters, especially if there
might be a possibility of overloading the SD-WAN
- Inline mode is convenient for smaller WAN networks and simpler
datacenters. It is most commonly used with the SD-WAN
4000/5000 310 and
500, and more rarely with the larger appliances.
- Cascaded installations should use
Note: Only WCCP mode (with a single router) is currently documented.