Product Documentation

Evaluating the Configuration

Aug 09, 2017

Putting your appliance online in a production network requires special attention to prevent disruption or confusion, especially in a complex environment

Rollout Example

When deploying SD-WAN 4000/5000, the basic rollout decision is whether to activate the entire deployment at once or to roll it out in stages. In a large or complex environment, a phased approach avoids trouble, and the deployment can be extended at will. This type of approach calls for the use of WCCP. The following example illustrates one approach for such a site:

  1. Configure the system as described in the installation procedure, except for the router. There, instead of setting up WCCP redirection for all incoming and outgoing WAN traffic, set it up for traffic to and from either a single remote site or a single IP address at that site. The remote site must already contain an enabled SD-WAN appliance.
  2. The accelerator page. If not, check your WCCP configuration on the router and on the accelerators, and check your NAT definitions on the NetScaler instance by using Monitoring: WCCP page. If not, check your WCCP configuration on the router and on the accelerators, and check your NAT definitions on the NetScaler instance by using nstrace. If nstrace reveals an issue, and your definitions look correct, rebooting the appliance may resolve the issue.
  3. Test acceleration between the new site and the remote site, with the remote site as the client side and the SD-WAN 4000/5000 equipped site as the server side, as described in General Monitoring.
  4. If traffic does not appear, the router is not sending traffic to the SD-WAN 4000/5000 properly. The error could be in the Router configuration, the NetScaler configuration, or the SD-WAN WCCP configuration. Double-check these settings.
  5. If traffic appears but is not accelerated, you might have a problem with asymmetrical routing, with not having a SD-WAN license installed, or with having acceleration disabled either globally or on the service classes associated with the traffic.
  6. When all is working properly, test reverse connections, where a site on the SD-WAN 4000/5000 side is the client and the remote site is the server, if applicable.
  7. If using NetScaler HA, save the configuration of the individual WCCP-enabled instances from the individual instances’ GUIs, and save the configuration of the accelerator, do basic configuration manually, then restore the saved configurations, first of the accelerators as a whole, and then restore the two WCCP-enabled instances. Once this is done (and NetScaler HA is enabled), test failover by powering down the primary appliance. Be careful to avoid IP address conflicts.SD-WAN 4000/5000, do basic configuration manually, then restore the saved configurations, first of the accelerators as a whole, and then restore the two WCCP-enabled instances. Once this is done (and NetScaler HA is enabled), test failover by powering down the primary appliance. Be careful to avoid IP address conflicts.
  8. If using NetScaler HA, save the configuration of the individual WCCP-enabled instances from the individual instances’ GUIs, and save the configuration of the accelerator, restore these saved configurations, first of the accelerators as a whole, and then restore the two WCCP-enabled instances. Once this is done (and NetScaler HA is enabled), test failover by powering down the primary appliance.SD-WAN 4000/5000, restore these saved configurations, first of the accelerators as a whole, and then restore the two WCCP-enabled instances. Once this is done (and NetScaler HA is enabled), test failover by powering down the primary appliance.
  9. Expand the scope of acceleration to include more remote sites, and repeat the above testing. When doing so, also examine the Monitoring: System Load page, especially during peak periods, to verify that the SD-WAN 4000/5000 is not heavily loaded.
  10. Continue this process until the entire WAN is being accelerated.

Monitoring

Use the SD-WAN 4000/5000Use the SD-WAN 4000/5000 GUI to monitor traffic after you configure a LAN link and a WAN link. SD-WAN 4000/5000 allows a very simple link definition.

  • Configuring the Links

    To enable monitoring, you must first configure one LAN link and one WAN link. To do so, edit the default links on the Configure: Links page as follows:

    1. Edit one link so its name is “LAN,” its type is “LAN,” and its speed is 10 Gbps in both directions. Delete its existing filter rule, then click Add Rule, and then click Save to save a link definition that matches all traffic.
    2. Edit the other link so that its name is “WAN,” its type is “WAN,” its speed is 95% of the aggregate speed of your site’s WAN links in each direction. Delete its existing filter rule, then click Add Rule, and then click Save to save a link definition that matches all traffic.

    To verify that link configuration is working correctly, traffic must be flowing. If the network does not have enough traffic to fill the WAN link to capacity, run test traffic to fill the network to capacity. Then look at the link reports on the Reports: Link Usage tab. The following figure shows these reports.

  • General Monitoring

    1. If WCCP is configured, verify that the service groups are in operation and the routers are redirecting traffic. (Note that the SD-WAN WCCP page packet counts are not present in SD-WAN 4000/5000. Check traffic by other means, such as on the Monitoring: Active Connections page, and on the router.)
    2. On the remote SD-WANs, verify that outgoing connections are being accelerated, and that all accelerated connections to the datacenter report the same Partner Unit on the remote appliance’s Monitoring: Connections page. When load-balancing is working properly, all outgoing accelerated connections show the same Partner Unit. (However, incoming accelerated connections might show different units.)
    3. Double-check remote SD-WANs for correctly set bandwidth limits, to prevent remote issues from being misidentified as datacenter issues.
    4. Generally monitor the SD-WAN 4000/5000 unit for alerts.
    5. In the broker UI, use the Dashboard, the Monitoring: Remote Partners, and perhaps the Monitoring: Appliance Load pages to monitor the overall activity and load of the system.