Internally, the CloudBridge 4000/5000 appliance contains several virtual machines:
No WAN traffic enters or leaves the accelerators except as configured in the NetScaler instance. When the appliance is first used, the Provisioning Wizard sets up an initial configuration that provides communication and load balancing between the NetScaler instance and the accelerators.
The management service is the management configuration interface for the appliance, and provides access to key operating and monitoring elements of the appliance. The management service displays CloudBridge parameters as if they were from a single accelerator, and all changes made through this interface are applied to all the accelerator instances.
The Xen hypervisor hosts all the virtual machines. The hypervisor is not user-configurable and should not be accessed except at the request of Citrix.
The external network interfaces are divided into two categories: traffic interfaces and management interfaces.
Traffic Interfaces—The traffic interfaces include all the network interfaces except ports 0/1 and 0/2, which are used only for management. Acceleration takes place only on the traffic interfaces.
Management subnet—The virtual machines connect directly to the external management subnet, with different IP addresses for the management service, NetScaler instance, and XenServer.
Private Internal traffic subnet—The accelerators' accelerated ports are connected to the NetScaler instance internally in a one-arm mode, using an internal traffic subnet. There is no direct connection between the instances' accelerated ports and the appliance’s external ports. All accelerated traffic to the accelerators is controlled by the NetScaler instance.
In both cases, the number of externally visible IP addresses is independent of the number of accelerators the appliance has.
The internal traffic subnet requires two IP addresses per accelerator, plus an address for the NetScaler, plus one or two WCCP VIP addresses if WCCP is used. Since the internal network is private, it has an abundance of address space for these tasks.
Data Flow on the Private Traffic Subnet—The one-arm connection between the NetScaler instance and the accelerators uses the CloudBridge virtual inline mode, in which the NetScaler instance routes packets to the accelerators and the accelerators route them back to the NetScaler instance. Traffic flow over this internal traffic subnet is identical regardless of whether the mode visible to the outside world (on the external interfaces) is inline, virtual inline, or WCCP.
This traffic requires the CloudBridge "Return to Ethernet Sender" option, and the NetScaler MAC Address Forwarding and Use Subnet IP options, which are enabled by the Provisioning Wizard.
See "CloudBridge 4000/5000 virtual machines, internal networks, and external port usage" for a diagram of port usage on CloudBridge 4000/5000 appliances. Traffic ports are arranged as a set of accelerated bridges, while the management ports are independent. Typically only one management port is used.
CloudBridge 4000/5000 appliances have multiple accelerated bridges. Different models have different numbers and types of bridge ports. The two ports making up such a bridge are called an "accelerated pair." All current models include a built-in network bypass function. (Some older CloudBridge 4000-500 and 4000-1000 units do not include network bypass.) The network bypass function (also called "fail to wire") connects pairs of ports together if the appliance fails as a result of either power loss or software failure (as determined by an internal watchdog timer).
Inline deployment. The bypass function allows CloudBridge 4000/5000 to be deployed in line with your WAN, typically between your LAN and your WAN router, without introducing a point of network failure.
The accelerated bridges support either 1 Gbps or 10 Gbps data rates. Ethernet and SFP+ interfaces are supported, depending on model.
One-arm deployment. One-arm deployments are also supported, using WCCP or virtual inline modes. With such deployments, a CloudBridge 4000/5000 traffic port is usually connected directly to a port on the WAN router. The other port on the bridged pair is left unconnected.
Performance considerations. Inline deployments provide higher performance than one-arm deployments, because the use of two ports instead of one doubles the peak throughput of the interfaces.
Peak throughput is important with CloudBridge 4000/5000 appliances, because the compressor provides acceleration in proportion to the compression ratio. That is, a connection that achieves 100:1 compression transfers data one hundred times faster than an uncompressed connection, provided that the rest of the network path can keep up.
For example, take a datacenter with a 500 Mbps WAN link and a 1 Gbps LAN. The small 2:1 speed ratio between the WAN and LAN allows compression to provide only a 2x speedup on a whole-link basis, because there is no way to get data onto or off of the LAN at speeds above 1 Gbps. A 10 Gbps LAN, which allows a tenfold increase in peak data rates, is recommended for use with CloudBridge 4000/5000 deployments.
When a CloudBridge 4000/5000 appliance is deployed in a one-arm mode, the peak transfer rate is cut in half. A CloudBridge 4000/5000 in one-arm mode, connected to the router with a 1 Gbps LAN interface, saturates this interface when the WAN is running at full speed in both directions. For good performance, a CloudBridge 4000/5000 must have a LAN interface that is much faster than the WAN. When the appliance is connected directly to the router in a one-arm mode, use a 10 Gbps router port.
A CloudBridge 4000/5000 appliance has at least two non-accelerated ports. Port 0/1 is typically used for management; port 0/2 is present but typically not used. A Lights Out Management (LOM) port is also provided. An RS-232 port can be used for management.