Product Documentation

Selecting a Deployment Mode

Aug 09, 2017

The SD-WAN 4000/4100/5100 appliance can be deployed inline or in a one-arm mode. Inline deployments do not require router reconfiguration; one-arm modes do. SD-WAN 4000/4100/5100 offers internal port bypassing (fail-to-wire) to allow traffic to continue flowing in inline mode if the appliance fails.

Deploying a Single SD-WAN 4000/4100/5100 Appliance (or HA Pair)

A standalone SD-WAN 4000/4100/5100 appliance can be deployed in either of these recommended modes:
  • Inline, bridged (L2 inline). This closely resembles a standard SD-WAN inline deployment. Packets enter one bridge port and exit the other bridge port.
  • Inline, routed. The NetScaler instance uses routing rules instead of bridging rules to determine how to forward packets.
  • Virtual inline. This resembles WCCP, but lacks built-in health-checking.

In L2 inline mode, SD-WAN 4000/4100/5100 is placed between your LAN and your WAN router (or other aggregation point at the LAN-WAN boundary). In a one-arm mode, SD-WAN 4000/4100/5100 is generally connected directly to a dedicated port on your WAN router.

In cases where the WAN router ports are not as fast as the LAN (for example, when the WAN router has gigabit Ethernet, but the LAN has 10 gigabit Ethernet), inline mode provides better performance, because its LAN-side traffic is not limited to the speed of the router interface. (Compression allows the LAN-side traffic to be much faster than WAN-bound traffic under favorable conditions.)

  • The inline modes require no reconfiguration of your routers, but involves a service disruption when bringing the appliance into service.
  • One-arm modes require router reconfiguration but do not require a service disruption.
  • Inline mode has higher performance than the other modes.
  • One-arm modes are limited to half the speed of the router or switch port they are attached to.
  • Inline mode is convenient for smaller WAN networks and simpler datacenters.