
CITRIX SDWAN Foundation

This document provides an overview of Citrix SD-WAN. It discusses how SD-WAN applies software-defined networking concepts to wide area network connections to improve application performance and simplify wide-area network deployments. It also describes different SD-WAN designs including one-arm, inline, and gateway modes. Finally, it outlines key Citrix SD-WAN components like the master control node and remote client nodes.

Uploaded by

Chidi Kingsley

Citrix SD-WAN

Foundation
Biography
CHIDI KINGSLEY U.
SNR. TECHNOLOGY CONSULTANT
CITRIX CERTIFIED EXPERT – CCE-V
CISCO CERTIFIED NETWORK/SECURITY PROFESSIONAL
Course Content
Module 1 - SD-WAN Intro and Concept
- The WAN Infrastructure
- What is SDWAN?
- SDWAN Design Concept
Module 2 - SD-WAN Installation
- SDWAN Lab Environment
- SDWAN Installation Preliminaries
- SDWAN Installation I
- SDWAN Installation II
Module 3 - SD-WAN Configuration
- SD-WAN Configuration I
- SD-WAN Configuration II and Change Management
- SD-WAN Underlay Configuration I
- SD-WAN Underlay Configuration II
Module 4 - SD-WAN Troubleshooting
- Troubleshooting dead path I
- Troubleshooting dead path II
Module 5 - SD-WAN CENTER
- SD-WAN Center Installation
- Managing Sites with SD-WAN Center
Module 6 - SD-WAN Feature Demonstration
- Demo1 – Link Aggregation/Link bonding
- Demo2 – SD-WAN and brownout
- Demo3 – Stateful Firewall and Application Awareness
- Demo4 – Sub-second failover and link resilience – blackout
- Demo5 – SD-WAN voice packet duplication
Module 7 - SD-WAN Proof of Concept
- Preparing for POC
- Conclusion
- SD-WAN Bonus Videos
CITRIX SDWAN LAB DIAGRAM – (HQ – PBR / BR – INLINE)
[Diagram labels: London Branch Office (BR-SDWAN, BR-R1, BR-Phone, BRANCH LAN 172.17.15.0/24, NO SDWAN host 192.168.50.5), MPLS-WANEM, INET-WANEM, New York Datacenter (DC-SDWAN, DC-R1, CORE-SW, SDWAN CENTER, Web Server, FTP Server, DC-Phone, CME 172.16.10.10, DC NETWORK 172.16.10.0/24), EIGRP 100, EIGRP 200.]
The WAN Infrastructure
Legacy WAN Vs SD-WAN
Expensive WAN Infrastructure
WAN bandwidth is expensive and limited, especially for traditional WAN
services like MPLS. Increasingly, customers need more bandwidth to
support real time traffic on their networks, such as VoIP and video
content, but they run the risk of impacting existing, business critical
applications.
CITRIX NETSCALER SD-WAN?
Citrix SD-WAN
What is SD-WAN?
Software-defined WAN (SD-WAN) applies software-defined networking
(SDN) concepts to wide area network (WAN) connections. SD-WAN
technology abstracts traffic management and monitoring from network
hardware and applies them to individual applications to achieve
improved app performance, deliver high-quality user experiences over
geographically dispersed locations, and simplify the deployment of wide-area
and cloud-access networks.
Create a software defined overlay …
- Virtual logical path is created from diverse links
- Logical tunnel created by encapsulating in UDP
[Figure: SD-WAN appliances at the branches, the data center and the cloud, connected over MPLS, Internet and LTE/Satellite links. Courtesy: Citrix.com]
… with the understanding of line conditions
With every packet in each path and in both directions,
measure the latency, loss, jitter and congestion

Courtesy: Citrix.com
SD-WAN CONCEPT AND DESIGNS
CITRIX SDWAN DESIGNS NS-SDWAN

1. One-Arm/PBR Mode Design

2. Inline Mode Design

3. Gateway/Edge Mode Design


CITRIX SDWAN EDITIONS NS-SDWAN

Standard Edition (SE) WANOP (WO) Enterprise Edition


• Multiple link Aggregation • Single link Qos • Multiple link Aggregation
• WAN path resiliency • Application optimization • WAN path resiliency
• WAN path visibility • Application visibility • WAN path visibility
• Hardware consolidation • Hardware consolidation
• Application Optimization
CITRIX SDWAN EDITIONS NS-SDWAN

NETSCALER SD-WAN Terminologies and DESCRIPTION

• Per packet Processing (not session based): Citrix NetScaler SD-WAN is per packet processing driving
• Link Brown out: A situation where the service provider link is degraded but is not completely down, due to packet loss, jitter, latency etc.
• Link Black out: A situation where the service provider link is completely down – complete outage.
• Packet duplication: A feature of Citrix NetScaler SD-WAN where the same packet can be duplicated across multiple service provider links. The first packet to reach the headend is received while the other is discarded. This feature guarantees delivery, especially for sensitive applications like VoIP, video etc.
CITRIX SDWAN COMPONENTS
NS-SDWAN

❖ CITRIX SD-WAN MCN (Master Control Node): The MCN is the central node
(intelligence) for all remote SD-WAN appliances. Every new configuration and
update is completed on the MCN using the Configuration Editor tool. This
allows centralized configuration changes and software upgrades to be pushed
out to all the remote SD-WAN devices that will participate in the Virtualized WAN
environment.

❖ CITRIX SD-WAN CLIENT (Remote Client Node): The remote appliance is the SD-WAN box
deployed in the different regional branch offices.

❖ CITRIX SD-WAN PROVISIONING AND CHANGE MANAGEMENT: This is the feature that
manages both configuration changes and software updates within an SD-WAN
deployment. It ensures that configuration changes and software updates are applied
in a fail-safe manner.
CITRIX SD-WAN CHANGE PROCESS

• Change Preparation
• Appliance Staging
• Activation
CITRIX NETSCALER SDWAN CONCEPT
NS-SDWAN

❖ SD-WAN technology logically binds multiple MPLS and broadband paths into a single
logical path.
❖ SD-WAN ensures all bandwidth on all paths is fully utilized – NO wasted bandwidth
❖ SD-WAN measures and monitors network paths in both directions
❖ SD-WAN uses the knowledge gathered from network path monitoring to make
intelligent decisions
NETSCALER SDWAN CONCEPT Contd…..

❖ The sending (source) SD-WAN appliance adds tags to each packet (Time and
Order).
❖ The receiving (destination) SD-WAN appliance reads the tag on each packet
and uses the information to measure – transit time, congestion, jitter, packet loss
and other information about the health of the path.
❖ This information is shared with the Controller, which creates a map of all the paths
in the WAN.
❖ This information is constantly being updated with recent packets.
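
An added example, not taken from the slides or from Citrix's implementation: how a receiving appliance could turn the time-and-order tags described above into per-path loss, transit time and jitter, and how it could discard the late copy of a packet duplicated across links (see "Packet duplication" in the terminology slide). The tuple layout, the field names and the assumption of synchronised clocks are illustrative.

```python
from collections import defaultdict

# Constructed sample tags: (path, path_seq, flow_seq, sent_ms, recv_ms).
# path_seq is an assumed per-path order tag; flow_seq identifies the payload
# so copies duplicated across paths can be matched at the receiver.
PACKETS = [
    ("MPLS", 1, 101, 0, 20), ("INET", 1, 101, 0, 45),    # duplicated packet
    ("MPLS", 2, 102, 10, 32), ("INET", 2, 102, 10, 70),  # duplicated packet
    ("INET", 3, 103, 20, 62),                            # MPLS copy (path_seq 3) lost
    ("MPLS", 4, 104, 30, 50), ("INET", 4, 104, 30, 95),  # duplicated packet
]

def path_health(packets):
    """Per-path loss, mean transit time and jitter from the time/order tags."""
    by_path = defaultdict(list)
    for path, path_seq, _flow, sent, recv in packets:
        by_path[path].append((path_seq, recv - sent))  # assumes synchronised clocks
    report = {}
    for path, rows in by_path.items():
        rows.sort()
        seqs = [s for s, _ in rows]
        transit = [t for _, t in rows]
        expected = seqs[-1] - seqs[0] + 1  # a gap in the order tag means loss
        deltas = [abs(b - a) for a, b in zip(transit, transit[1:])]
        report[path] = {
            "loss_pct": round(100 * (expected - len(set(seqs))) / expected, 1),
            "avg_transit_ms": round(sum(transit) / len(transit), 1),
            "jitter_ms": round(sum(deltas) / len(deltas), 1) if deltas else 0.0,
        }
    return report

def deliver(packets):
    """Accept the first copy of each flow_seq to arrive; discard later copies."""
    accepted, discarded = {}, []
    for path, _pseq, flow, _sent, recv in sorted(packets, key=lambda p: p[4]):
        if flow in accepted:
            discarded.append((flow, path))
        else:
            accepted[flow] = path
    return accepted, discarded

if __name__ == "__main__":
    for path, stats in path_health(PACKETS).items():
        print(path, stats)
    print(deliver(PACKETS))
```

On this sample the MPLS path shows 25% loss but low jitter, while the payload whose MPLS copy was lost still arrives through its INET copy.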
NETSCALER SDWAN CONCEPT Contd…..
❖ SD-WAN is application aware, with the ability to discover more than 4000 application signatures.
❖ Applications are assigned three high-level categories
- real-time
- interactive
- bulk
❖ Typically, low-latency applications are assigned to real-time (e.g. Skype for Business, video,
VoIP, VDI).
❖ Enterprise applications can be assigned real-time or interactive depending on business
policy
NETSCALER SDWAN CONCEPT Contd…..

❖ Citrix SD-WAN provides granularity with application classification. Custom rules can be
created using parameters like source and destination IP address, protocol and DSCP tag.
NETSCALER SDWAN INSTALLATION

❖ NetScaler SD-WAN comes in physical appliance and virtual appliance form
❖ The virtual appliance can be installed on VMware ESXi, KVM, XenServer, Hyper-V
❖ Virtual appliance – Import the OVF, .XVA etc.
❖ Get a trial license from the link below

https://www.citrix.com/lp/try/netscaler-sd-wan-standard.html#/email
NETSCALER SDWAN INSTALLATION Contd….

❖ Our client insisted that they do not want to make major changes to their network for
an unproven technology, and advised that our deployment must not be intrusive. As
the SD-WAN consultant, choose a design mode with this in mind and implement it.
❖ Deploy the Datacenter NetScaler SD-WAN VPX in PBR mode
❖ Deploy the Branch SD-WAN in Physical Inline mode – Note: VPX does not support Fail to
Wire.
NETSCALER SDWAN INSTALLATION

❖ Obtain a copy of the network topology details


❖ Decide the deployment mode for both Datacenter and Branch
❖ Get a copy of all the management and data plane ip addresses to be used
NETSCALER SDWAN INSTALLATION - IP ADDRESS SHEET

NAME                      MGMT IP          DATA IP
DC-SDWAN                  192.168.10.20    192.168.100.10 – MPLS VIP / 192.168.100.11 – BRB VIP
BR1-SDWAN                 192.168.10.25    172.17.15.10 – MPLS VIP / 172.17.15.11 – BRB VIP
DC-ROUTER                 N/A              192.168.30.1 – MPLS INT IP / 192.168.20.1 – BRB INT IP
BR1-ROUTER                N/A              192.168.30.3 – MPLS VIP / 192.168.20.3 – BRB VIP
MPLS WANEM                192.168.10.10    192.168.30.2 – Bridged Interface IP
BRB WANEM                 192.168.10.11    192.168.20.2 – Bridged Interface IP
DC-Web Server                              172.16.10.9
BR-PC (With SD-WAN)                        172.17.15.4
BR-PC (Without SD-WAN)                     192.168.50.5


NETSCALER SDWAN INSTALLATION - OVERLAY AND UNDERLAY

An SDN overlay is a deployment method for network virtualization and software-defined networking
(SDN) that involves running a logically separate network or network component on top of existing
infrastructure.
CITRIX SDWAN LAB DIAGRAM – (HQ – PBR / BR – INLINE)
[Diagram: the lab topology of the London Branch Office and the New York Datacenter, with the MPLS-WANEM and INET-WANEM links and the EIGRP 100 and EIGRP 200 domains.]
NETSCALER SDWAN HEAD END CONFIGURATION

❖ The DC SD-WAN (MCN) must be configured first, being the central node for all remote SD-WAN
appliances.

LAB TASK
❖ Configure basic administrative settings

- Set the date and Time


- Switch to MCN console
- Set Session time out
- Install license
NETSCALER SDWAN CHANGE MANAGEMENT AND PROVISIONING

Change Preparation: New configuration/software is uploaded here.
Appliance Staging: In staging, configurations are pushed to the connected SD-WAN
appliances.
Activation: In activation, the new configuration pushed to the SD-WAN appliance
is activated to become the new active configuration.
NETSCALER SDWAN CONFIGURATION

❖ WAN EMULATOR

https://www.citrix.com/blogs/2015/07/06/ingmarverheij-setting-up-a-persistent-wan-emulator/

❖ GNS3 www.gns3.com

❖ Excellent Troubleshooting Guide

https://support.citrix.com/article/CTX226234
TROUBLESHOOTING SD-WAN DEAD PATH

❖ Monitoring and Statistics Page :- This is a good place to start troubleshooting

- Check the monitoring statistics page on the SD-WAN for probes

❖ Start from Layer 1

- Check cabling, connections, speed and duplex


- Check the Ethernet interface on the SD-WAN and that the MAC address matches on the hypervisor

❖ Proceed to Layer 2
- Check ARP statistics on SD-WAN – Must be Ready_Active and Not Reply_PENDING

❖ Proceed to Layer 3

- Use the built-in tools like ping, traceroute and packet capture
TROUBLESHOOTING SD-WAN DEAD PATH

Troubleshooting with ARP


SD-WAN CENTER INSTALLATION

❖ SD-WAN CENTER INSTALLATION: Download and import the Citrix SD-WAN Center
VMware .ova file or Citrix XenServer .XVA file etc.
❖ DHCP Server Required: SD-WAN requires an active DHCP server to obtain its initial IP
address. You can use the SD-WAN built-in DHCP server to issue the IP address.
SD-WAN CENTER CONFIGURATION

❖ SD-WAN CENTER INSTALLATION: Download the SD-WAN Center certificate and import
it into your MCN. This is required for secure communication and management.
CITRIX SDWAN DEMONSTRATION
Demo One

Citrix SDWAN Link bandwidth Aggregation: In this demonstration we will showcase how to transform
backup connections for additional bandwidth without added cost

Demo Two

Citrix SDWAN reaction to link brownouts: In this demonstration, we will show how Citrix SDWAN handles link
brownouts while maintaining excellent user experience.
Demo Three

Citrix SDWAN Stateful Firewall and Application Awareness:


Demo Four

Citrix SDWAN sub-second failover: NetScaler SD-WAN appliances continuously monitor every MPLS and
broadband connection, and can quickly detect path outages or degradations, providing seamless sub-
second failover of traffic to the next-best WAN path.
Demo Five

Citrix Packet Duplication: In this demonstration we will showcase how voice packets get duplicated
across multiple ISP links
Citrix SD-WAN Use Cases
1. Enable always-on branch connectivity 24/7

2. Lower WAN costs by aggregating commodity broadband connections

3. Increase WAN bandwidth by supporting multiple ISP connections and creating a virtual WAN infrastructure.

4. Extend your WAN to support SaaS, hybrid and multi-cloud

5. Manage security and compliance with granular policies

6. Off-load internet traffic directly from the branch

7. Create fault tolerant connection that is self healing and converges in sub-second upon link black out and brownouts
SDWAN LAB DIAGRAM – FIREWALL AND APPLICATION CONTROL
[Diagram labels: INTERNET, London Branch Office (BR-SDWAN, BR-R1, BR-Phone, BRANCH LAN 172.17.15.0/24, NO SDWAN host 192.168.50.5), MPLS-WANEM, New York Datacenter (DC-SDWAN, DC-R1, CORE-SW, SDWAN CENTER, Web Server, FTP Server, DC-Phone, CME 172.16.10.10, DC NETWORK 172.16.10.0/24), EIGRP 100.]
