Citrix SD-WAN Platforms
Note: You must keep the traffic interfaces isolated from the management interface to prevent
ARP flapping and other problems. This isolation can be achieved physically or by tagging
management interface and traffic interface packets with different VLANs.
Private Internal traffic subnet—The accelerators’ accelerated ports are connected to the NetScaler
instance internally in a one-arm mode, using an internal traffic subnet. There is no direct connection
between the instances’ accelerated ports and the appliance’s external ports. All accelerated traffic to
the accelerators is controlled by the NetScaler instance.
Since this internal subnet is not accessible from outside the appliance, it uses non-routable subnets
in the 169.254.0.0/16 range. The NetScaler instance provides NAT for features that require routable
access to the accelerator. Only the following two features of the accelerators require IP addresses
that can be reached from the outside world:
• The signaling IP address, used for secure peering and the SD-WAN Plugin.
• IP addresses, used for communication with the router when the WCCP protocol is used.
In both cases, the number of externally visible IP addresses is independent of the number of
accelerators the appliance has.
The internal traffic subnet requires two IP addresses per accelerator, plus an address for the NetScaler,
plus one or two WCCP VIP addresses if WCCP is used. Since the internal network is private, it has an
abundance of address space for these tasks.
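
A pre-deployment check of the isolation and addressing rules above, as an added example that is not Citrix code. The plan dictionary, its keys (including the idea of naming the Layer-2 segment each interface is cabled to), and the sample values are constructed for illustration.

```python
import ipaddress

# Range the internal traffic subnet is drawn from, per the text above.
INTERNAL_RANGE = ipaddress.ip_network("169.254.0.0/16")

def internal_addresses_needed(accelerators, wccp_vips=0):
    """Two addresses per accelerator, one for the NetScaler, plus WCCP VIPs."""
    if wccp_vips not in (0, 1, 2):
        raise ValueError("WCCP uses one or two VIPs, or none when WCCP is off")
    return 2 * accelerators + 1 + wccp_vips

def audit_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    internal = ipaddress.ip_network(plan["internal_subnet"])
    if not internal.subnet_of(INTERNAL_RANGE):
        findings.append("internal traffic subnet is outside 169.254.0.0/16")

    needed = internal_addresses_needed(plan["accelerators"], plan["wccp_vips"])
    usable = max(internal.num_addresses - 2, 0)  # minus network and broadcast
    if needed > usable:
        findings.append(f"internal subnet has {usable} hosts, needs {needed}")

    # Isolation: either management sits on its own segment (physical), or
    # both sides are tagged and the tags differ (VLAN).
    physically_isolated = plan["mgmt_segment"] not in plan["traffic_segments"]
    mgmt_vlan, traffic_vlan = plan["mgmt_vlan"], plan["traffic_vlan"]
    vlan_isolated = None not in (mgmt_vlan, traffic_vlan) and mgmt_vlan != traffic_vlan
    if not (physically_isolated or vlan_isolated):
        findings.append("management and traffic interfaces are not isolated")
    return findings

# Constructed sample plans (hypothetical values, not from the Citrix guide).
GOOD_PLAN = {
    "internal_subnet": "169.254.10.0/24", "accelerators": 8, "wccp_vips": 2,
    "mgmt_segment": "oob-sw", "traffic_segments": ["core-sw1"],
    "mgmt_vlan": None, "traffic_vlan": None,
}
BAD_PLAN = {
    "internal_subnet": "10.0.0.0/28", "accelerators": 8, "wccp_vips": 2,
    "mgmt_segment": "core-sw1", "traffic_segments": ["core-sw1"],
    "mgmt_vlan": None, "traffic_vlan": None,
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, audit_plan(plan) or "OK")
```
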
Data Flow on the Private Traffic Subnet—The one-arm connection between the NetScaler instance
and the accelerators uses the SD-WAN virtual inline mode, in which the NetScaler instance routes
packets to the accelerators and the accelerators route them back to the NetScaler instance. Traffic
flow over this internal traffic subnet is identical regardless of whether the mode visible to the outside
world (on the external interfaces) is inline, virtual inline, or WCCP.
This traffic requires the SD-WAN “Return to Ethernet Sender” option, and the NetScaler MAC Address
Forwarding and Use Subnet IP options, which are enabled by the Provisioning Wizard.
Deployment Mode Summary: The differences between WCCP mode, inline mode, and virtual inline
mode can be summarized as follows:
• WCCP mode is a one-arm configuration. The accelerators establish WCCP control channels with
the router. In WCCP mode, only one or two accelerators manage the WCCP control channel on
behalf of all the accelerators. Data traffic is load-balanced across all the accelerators. When
GRE encapsulation is used, the NetScaler instance performs GRE encapsulation/decapsulation
on the data stream between itself and the router, allowing the data between the NetScaler and
the accelerators to use a decapsulated, Level-2 configuration.
• Inline mode operates much the same as WCCP mode internally, but externally the appliance
emulates a bridge, and no WCCP control channel is established. A packet that enters the
appliance on one bridge port exits through the other bridge port. SD-WAN 4000 and 5000 appliances
© 1999-2021 Citrix Systems, Inc. All rights reserved.