Every appliance has at least one pair of Ethernet ports that function as an accelerated bridge, called apA (for accelerated pair A). SD-WAN 410-SE appliance has three pairs of ethernet ports (apA, apB, and apC). A bridge can act in inline mode, functioning as a transparent bridge, as if it were an Ethernet switch. Packets flow in one port and out the other. Bridges can also act in one arm mode, in which packets flow in one port and back out the same port.
An appliance that has a bypass card maintains network continuity if a bridge or appliance malfunctions.
Some units have more than one accelerated pair, and these additional accelerated pairs are named apB, apC, and so on.
If the appliance loses power or fails in some other way, an internal relay closes and the two bridged ports are electrically connected. This connection maintains network continuity but makes the bridge ports inaccessible. Therefore you might want to use one of the motherboard ports for management access.
Bypass cards are standard on some models and optional on others. Citrix recommends that you purchase appliances with bypass cards for all inline deployments.
The bypass feature is wired as if a cross-over cable connected the two ports, which is the correct behavior in properly wired installations.
If the appliance is equipped with two accelerated bridges, they can be used to accelerate two different links. These links can either be fully independent or they can be redundant links connecting to the same site. Redundant links can be either load-balanced or used as a main link and a failover link.
When it is time for the appliance to send a packet for a given connection, the packet is sent over the same bridge from which the appliance received the most recent input packet for that connection. Thus, the appliance honors whatever link decisions are made by the router, and automatically tracks the prevailing load-balancing or main-link/failover-link algorithm in real time. For non-load-balanced links, the latter algorithm also ensures that packets always use the correct bridge.
Multiple bridges are supported in both WCCP mode (WANOP) and virtual inline mode. Usage is the same as in the single-bridge case, except that WCCP (WANOP) has the additional limitation that all traffic for a given WCCP (WANOP) service group must arrive on the same bridge.
Two units with multiple bridges can be used in a high-availability pair. Simply match up the bridges so that all links pass through both appliances.