With a hairpin deployment, you can implement use of a Remote Hub site for internet access through backhaul or hairpin when local internet services are unavailable or are experiencing a slow traffic. You can leverage high bandwidth routing between client sites by allowing backhauling from specific sites.
The purpose of a hairpin deployment from a non-WAN to a WAN forwarding site is to provide customers with a more efficient deployment process and more streamlined technical implementation. Customers will have the ability to use a remote hub site for internet access when needs arise, and can route flows through the virtual path to the SD-WAN network.
For example, consider an administrator with multiple SD-WAN Sites, A and B. Site A has poor internet service. Site B has usable internet service, with which you want to backhaul traffic from site A to site B only. You can try to accomplish this without the complexity of strategically weighted route costs and propagation to sites that should not receive the traffic.
Also, the route table is not shared across all sites in a Hairpin deployment. For example, if traffic is hairpin’ned between Site A and Site B through Site C, then only Site C would be aware of site A’s and B’s routes. Site A and Site B will not share each other’s route table unlike in WAN-to-WAN forwarding.
When traffic is Hairpin’ned between Site A and Site B through Site C, the static routes are required to be added in Site A and Site B indicating that the next hop for both the sites is the intermediate Site C.
WAN-to-WAN Forwarding and Hairpin deployment have certain differences, namely:
a. Dynamic Virtual Paths are not configured. At all times, the intermediate site will see all the traffic between the two sites.
b. Does not participate in WAN-to-WAN Forwarding groups.
WAN-to-WAN Forwarding and Hairpin deployment are mutually exclusive. Only one of them can be configured at any given point in time.
NetScaler SD-WAN SE/EE and VPX (virtual) appliances support hairpin deployment. You can now configure a 0.0.0.0/0 route to hairpin traffic between two locations without affecting any additional locations. If hairpinning used for intranet traffic, specific Intranet routes are added to the client site to forward intranet traffic through the virtual path to the hairpin site. Enabling WAN-to-WAN forwarding to accomplish hairpin functionality is no longer required.
You can configure hairpin deployment through the SD-WAN web management interface from the configuration editor.