manualshive.com logo in svg

Citrix NetScaler EE, Руководство по установке и настройке

Поделиться
Скачать
Citrix NetScaler EE Скачать руководство пользователя страница 849

© 1999-2017 Citrix Systems, Inc. All rights reserved.

p.849

https://docs.citrix.com

Accelerated Bridges (apA and apB)

Dec 07, 2012

Every appliance has at least one pair of Ethernet ports that function as an accelerated bridge, called 

apA

 (for 

accelerated

pair A

). A bridge can act in inline mode

,

 functioning as a transparent bridge, as if it were an Ethernet switch. Packets flow in

one port and out the other. Bridges can also act in one arm mode

,

 in which packets flow in one port and back out the same

port.

An appliance that has a bypass card maintains network continuity if a bridge or appliance malfunctions.

Some units have more than one accelerated pair, and these additional accelerated pairs are named apB, apC, and so on.

If the appliance loses power or fails in some other way, an internal relay closes and the two bridged ports are electrically
connected. This connection maintains network continuity but makes the bridge ports inaccessible. Therefore you might
want to use one of the motherboard ports for management access.

Caution: Do not enable the Primary port if it is not connected to your network. Otherwise, you cannot access the
appliance, as explained in 

Ethernet Bypass and Link-Down Propagation

Bypass cards are standard on some models and optional on others. Citrix recommends that you purchase appliances with
bypass cards for all inline deployments.

The bypass feature is wired as if a cross-over cable connected the two ports, which is the correct behavior in properly wired
installations.

Important: Bypass installations must be tested - Improper cabling might work in normal operation but not in bypass mode.
The Ethernet ports are tolerant of improper cabling and often silently adjust to it. Bypass mode is hard-wired and has no
such adaptability. Test inline installations with the appliance turned off to verify that the cabling is correct for bypass
mode.

If the appliance is equipped with two accelerated bridges, they can be used to accelerate two different links. These links
can either be fully independent or they can be redundant links connecting to the same site. Redundant links can be either
load-balanced or used as a main link and a failover link.

Figure 1. Using dual bridges

When it is time for the appliance to send a packet for a given connection, the packet is sent over the same bridge from
which the appliance received the most recent input packet for that connection. Thus, the appliance honors whatever link
decisions are made by the router, and automatically tracks the prevailing load-balancing or main-link/failover-link algorithm
in real time. For non-load-balanced links, the latter algorithm also ensures that packets always use the correct bridge.

Multiple bridges are supported in virtual inline mode.

Содержание NetScaler EE

Страница 1: ...d Deploying a SD WAN VPX Standard Edition on VMware ESXi Setting up the Master Control Node MCN Site Adding and Configuring the Branch Sites Configuration Configuring Virtual WAN Service Configuring the Virtual Path Service Between the MCN and Client Sites NetScaler SD WAN 9 1 Jun 13 2017 The NetScaler SD WAN product was formerly called CloudBridge Refer to the links below to access CloudBridge doc...

Страница 2: ...ting Domain for Intranet Service How To Configure Interface Groups How To Configure Virtual IP Addresses How To Configure Virtual IP Address Identity How To Configure GRE Tunnels How To Configure Access Interface How to Customize Classes How to Add Custom Applications and Enable MOS How to Create Rules Use Cases Dynamic Routing OSPF iBGP eBGP Standby WAN Links Secure Web Gateway Use Cases Virtual ...

Страница 3: ... Edition NetScaler SD WAN VPX SE Installation Requirements and Prerequisites Differences Between a VPX SE and a WANOP VPX Installation Overview of VPX Installation and Deployment Procedures NetScaler SD WAN VPX SE Installation and Configuration Information Checklist Getting Started NetScaler SD WAN Management Web Interface Installing the SD WAN Appliance Packages on the Clients Preparing the SD WA...

Страница 4: ...Inc All rights reserved p 4 https docs citrix com DHCP Client and Server Management Link State Propagation Multiple Net Flow Collectors Network Objects QoS Fairness With RED SNMP MIBs MPLS QoS Queues NetScaler SD WAN Center 9 1 ...

Страница 5: ...s of network quality For release 9 1 Enterprise Edition is available for the 1000 VW and 2000 VW branch hardware appliances only NetScaler SD WAN Standard Edition VW SE This Edition includes Standard Edition Virtual WAN features only It supports software defined WAN capability to create a highly reliable network from multiple network links and to ensure that each application takes the best path to...

Страница 6: ...ce Issue ID 636005 Single bundle upgrade of NetScaler SD WAN from release 8 1 or 9 0 to 9 1 fails if using Internet Explorer version 11 0 If you use Internet Explorer version 11 0 to connect to the web management interface and navigate to Configuration System Maintenance Update Software the following error message appears when you attempt to perform a single bundle Virtual WAN or SD WAN upgrade fro...

Страница 7: ...n the customer has Remote License configured on the SD WAN Workaround Ensure that the Maintenance date in the license file is more recent than the Built date of the SD WAN or Virtual WAN software image that is being upgraded Networking and Security Issue ID 653039 IPsec Rekey based on Data KB not working properly Description In this release NetScaler SDWAN does not support IPsec tunnel Rekey based o...

Страница 8: ...nstead of no entry Platform Issue On the 4000 Standard Edition appliances the link state for 10G interface is not propagated when the 10G link becomes inactive The link states for all other 1G interfaces are propagated correctly SD WAN Center Issue ID 580103 E Mail and Syslog event notifications not displayed for the PATH event type in SD WAN Center Description In the SD WAN Center web interface e...

Страница 9: ...ware ESXi server fails Workaround Upgrade to version 9 0 first and then to 9 0 1 Release 9 0 Issue ID 608355 When Citrix XenServer private networks are deployed for CloudBridge VW VPX along with CloudBridge WAN Optimization VPX the Checksum SendForceSW parameter available through the support html page on the WAN OPT web interface must be turned off Issue ID 580103 In Virtual WAN Center events raise...

Страница 10: ...atures and enhancements were introduced in NetScaler SD WAN for Release 9 1 1 New Appliance Support Support for new Standard Edition appliance 410 SE 410 SE is a small affordable 1U appliance suitable for smaller branch offices It supports WAN speeds of up to 150 Mbps For more information see the SD WAN 400 and 410 Standard Edition hardware documentation Licensing Support for 300 Mbps SKU on 2000 S...

Страница 11: ...P address 192 168 100 1 Typically you connect the appliance s management port to another device for example laptop and use the default static IP address 192 168 100 1 to access the web management interface and install the license When you then apply Local Change Management click Activate and click Done the appliance s default IP address is lost It also no longer has the DHCP IP address because it ...

Страница 12: ...cess the web management interface and install the license When you then apply Local Change Management click Activate and click Done the appliance s default IP address is lost It also no longer has the DHCP IP address because it was removed from DHCP network Licensing Issue ID 666146 SD WAN WANOP License page might not refresh when Local License file is uploaded Diagnostics NetScaler SD WAN WANOP 4...

Страница 13: ...vice This warning message is overwritten by the previous warning message Workaround None NetScaler SD WAN 5100 SE and 2000 SE gateway IP address is not updated even after moving the appliance to another DHCP network Issue 671131 The NetScaler SD WAN 5100 SE and 2000 SE appliances acquire DHCP IP address from the DHCP server in which they are configured When you configure the appliances in another ...

Страница 14: ...nose Dynamic Routing Protocols BGP State Route Learning through import filters to learn routes from peer routers to establish OSPF adjacency and bgp peering Export Filters are used to include or exclude routes for advertisement of virtual path routes between sites or locally created static routes through OSPF and BGP based on route filtering Support for IPsec Tunnel termination and monitoring betw...

Страница 15: ...uting and Forwarding while providing additional security and manageability through network segregation It also introduces Dynamic Routing which allows the Standard and Enterprise edition appliances to discover LAN subnets advertise virtual path routes and fit seamlessly into networks using the IBGP EBGP and OSPF routing protocols while eliminating the need for static route configuration NetScaler SD...

Страница 16: ...place NetScaler SD WAN Platform Software Support The following table illustrates which NetScaler SD WAN platforms are supported for each of the available NetScaler SD WAN software versions Version WAN Optimization Edition Standard Edition Enterprise Edition R 7 X Yes R 8 X Yes R 9 0 Yes Yes R 9 1 Yes Yes Yes NetScaler SD WAN 9 1 introduced a new set of licenses specific to the SD WAN solution Earli...

Страница 17: ...ps bandwidth licenses At least two 2 1 GHZ CPUs are required in order to support the VPX instances Before you can download the software you must obtain and register a NetScaler SD WAN software license For instructions on obtaining a NetScaler SD WAN software license please contact Citrix NetScaler SD WAN Customer Support Instructions for uploading and installing the license file on your appliances ...

Страница 18: ...t for SD WAN VPX SE appliances Pre requisites for using Remote License Server Use Cases Deployment scenarios supported for 9 1 Remote License server reachable in Management network without using data aPA Ports Remote License server in the Branch network SD WAN VPX SE PBR Deployment in the Branch Office Deployment scenarios not supported for 9 1 Remote License server deployed in Data Center data ap...

Страница 19: ...on should be 11 13 1 or earlier It is recommended that you use the latest License Server version Release 9 1 11 13 1 L S Release 9 0 11 13 1 L S Release 8 1 11 12 1 L S Use Cases 1 Remote license server reachable through the management network without using data apA Ports 2 Remote license server in the Branch network 3 SD WAN VPX SE PBR deployment in the Branch office Deployment scenarios not suppo...

Страница 20: ...N web management interface navigate to Configuration Appliance Settings Licensing 2 Select Local and upload the License Click Upload and Install 3 Save your changes by clicking Apply Settings Remote License 1 In the SD WAN web management interface navigate to Configuration Appliance Settings Licensing 2 Select Remote and enter the Remote Server IP address details ...

Страница 21: ... 1999 2017 Citrix Systems Inc All rights reserved p 21 https docs citrix com ...

Страница 22: ... Virtual WAN configuration Appliances shipped with 8 0 x image are not supported to upgrade to Enterprise Edition Note Upgrading to 9 1 release is a multi step process Virtual WANsoftware is upgraded centrally from the MCNappliance using tar gz files Additionally operating system software needs to be upgraded locally on every hardware appliance in the network using upg software package file Itis impo...

Страница 23: ... 9 0 0 x RTM build if your appliance is WANOP edition which has been converted to Enterprise Edition using USB See Convert SD WAN 1000 or 2000 WANOP to Enterprise Edition with USB factory image of 8 1 0 x RTM build 2 Have a valid SD WAN license 3 Have a working Virtual WAN configuration running 8 1 x or 9 0 x build with virtual paths established from MCN to the branch sites Upgrade Procedure 1 On ...

Страница 24: ... and then click Done 4 Obtain the operating system software CB VW PKG 9 1 0 x upg file from the Citrix product downloads page at https www citrix com downloads netscaler sd wan html a Navigate to Configuration System Maintenance Update Software Update Operating System Software b Click Choose File to provide the CB VW PKG 9 1 0 X UPG file c Click Upload and Upgrade 5 Perform operating system software ...

Страница 25: ...ce WAN Optimization service could be down or on older software version Check whether Update Software Operation is performed with latest software version and WAN Optimization service is up Re apply Configuration once these prerequisites are met using Change Management from MCN or Local Change Management on this appliance Workaround Check Configuration Appliance Settings Licensing to verify if license...

Страница 26: ...required to have factory image of 9 0 0 x RTM build if your appliance is WANOP edition which has been converted to Enterprise Edition using USB See Convert WANOP 1000 or 2000 appliance to Enterprise Edition with USB factory image of 8 1 0 x RTM build Upgrade Procedure 1 Decide which appliance needs to be MCN a Promote the appliance as MCN Navigate to Configuration Appliance Settings Administrator I...

Страница 27: ...tscaler sd wan html for all sites in the Virtual WAN network defined in the configuration Upload the tar gz files to the change management and complete the Appliance Staging process but do not Activate the configuration yet 6 Download the staged package for all the sites from the MCN Change Management Upload each package to the respective site appliance through Local Change Management Configuratio...

Страница 28: ...x Virtual WAN Service on MCN appliance through Configuration Virtual WAN Enable Disable Purge Flows Enable Warning On the 1000 2000 appliances the following warning message appears Failed to apply configuration on WANOptimization service WANOptimization service could be down or on older software version Check whether Update Software Operation is performed with latestsoftware version and WANOptimizat...

Страница 29: ...liance instead of serial console Ensure that you have the default credentials to log into the existing Dom 0 root nsroot Upgrade Procedure The conversion procedure is a two step process involving the following steps Insert enclosed USB stick into the Citrix SD WAN appliance Verify that the serial console is connected and proceed with the conversion process How To Convert With USB Stick To upgrade ...

Страница 30: ...citrix com d Repeat steps a b and c until the cursor stops moving Note The above steps should be executed during the applaince rebootprocess The key strokes should happen during BIOS poststage as described in step 4 5 When BIOS loads choose PNY USB 2 0 FD 1100 to boot ...

Страница 31: ... The system reboots after 1 2 minutes and the login prompt is displayed 8 Unplug the USB stick after the procedure is complete References For licensing about the NetScaler and NetScaler SD WAN products see the support link at http support citrix com article ctx131110 For Documentation and Release Notes information about NetScaler SD WAN see http support citrix com proddocs and docs citrix com ...

Страница 32: ... from Standard Edition to Enterprise Edition 1 Export the Configuration locally 2 Download the Active Package from the Change Management page 3 Upgrade the appliance using the downloaded package from System Maintenance Update Software Re image Virtual WAN Appliance software 4 Click Choose File to provide the cb vw_CB1000_9 1 0 x tar gz file 5 Click Upload Select Accept and click on Install to proc...

Страница 33: ...ns and defines the platform dependencies Also provided is a summary and overview of the SD WAN appliance installation and deployment procedures For more information refer to the following topics System Requirements Acquiring the Netscaler SD WAN Software Packages NetScaler SD WAN Software Packages and Appliance Models NetScaler SD WAN Appliance Packages Preparing for Your Deployment Installation an...

Страница 34: ...ease requires all appliances on the SD WAN network to install the same software release Appliances running earlier CloudBridge software versions will not be able to establish a Virtual Path connection to the appliance running SD WAN release 9 1 Software Requirements For details regarding license requirements see Licensing Browser Requirements Browsers must have cookies enabled and JavaScript insta...

Страница 35: ...0 SE hardware appliance NetScaler SD WAN 2000 SE hardware appliance NetScaler SD WAN 4000 SE hardware appliance NetScaler SD WAN 5100 SE hardware appliance NetScaler SD WAN VPX SE Virtual Appliance Enterprise Edition NetScaler SD WAN 2000 EE hardware appliance NetScaler SD WAN 1000 EE hardware appliance WAN OP Edition NetScaler SD WAN 400 WANOP hardware appliance NetScaler SD WAN 800 WANOP hardwar...

Страница 36: ...uired to be running the same SD WANfirmware release For additional information please contactNetScaler SD WANCustomer Support For a complete description of NetScaler SD WAN Appliances please refer to the following NetScaler SD WAN datasheet https www citrix com content dam citrix en_us documents data sheet netscaler sd wan datasheet pdf NetScaler SD WAN Hardware Appliances Citrix NetScaler SD WAN 9...

Страница 37: ... WAN 9 1 supports the following SD WAN VPX Virtual Appliance VPX SE models SD WAN VPX SE MODEL APPLIANCE TYPE ROLE SD WANVPX 10 SE Virtual Appliance MCNor clientnode small branch SD WANVPX 20 SE Virtual Appliance MCNor clientnode small branch SD WANVPX 50 SE Virtual Appliance MCNor clientnode small branch SD WANVPX 100 SE Virtual Appliance MCNor clientnode small branch For more information see Abo...

Страница 38: ...y means of the Change Management wizard in the Management Web Interface running on the Master Control Node MCN If this is an initial installation you must manually upload stage and activate the appropriate appliance package on each of the client appliances that will reside in your SD WAN network If you are updating the configuration for an existing SD WAN deployment the MCN automatically distribute...

Страница 39: ...ces For each hardware appliance you want to add to your SD WAN deployment you must complete the following tasks a Set up the appliance hardware b Set the Management IP Address for the appliance and verify the connection c Set the date and time on the appliance d Optional Set the console session Timeout interval to a high or the maximum value e Upload and install the software license file on the app...

Страница 40: ...Resolve any configuration Audit Alerts j Save the new configuration 5 Configure the Virtual Paths and Virtual Path Service between the MCN and the client sites 6 Optional provisional If your license includes WAN Optimization enable and configure WAN Optimization a Enable WAN Optimization and configure the default Features settings b Configure the default Tuning Settings c Configure the default Applicatio...

Страница 41: ...AN site you want to deploy The licensing information for your product Required Network IP Addresses for each appliance to be deployed Management IP Address Virtual IP Addresses Site Name Appliance Name one per site SD WAN Appliance Model for each appliance to be deployed Deployment Mode MCN or Client Topology Gateway MPLS GRE Tunnel information Routes VLANs Bandwidth at each site for each circuit ...

Страница 42: ...ing and Deploying a SD WAN VPX SE on ESXi Installing SD WAN VPX SE on XenServer The procedures for installing a NetScaler SD WAN Virtual WAN VPX SD WAN VPX SE and a NetScaler SD WAN WAN Optimization appliance WANOP VPX are very similar However there are some critical differences as outlined in Differences Between a SD WAN VPX VW and WAN OP VPX Installation For instructions on installing a SD WAN V...

Страница 43: ...isor ESXi server version 5 5 0 or higher Browsers must have cookies enabled and JavaScript installed and enabled The SD WAN VPX SE Management Web Interface supports the following browsers Google Chrome 49 0 2623112 m Mozilla Firefox 43 0 4 Microsoft Internet Explorer 11 0 9600 18163 Before you can install and deploy a SD WAN VPX SE 9 1 as a client appliance the SD WAN Master Control Node MCN and e...

Страница 44: ...ion number The following section provides a summary of the steps and procedures involved in installing and configuring a SD WAN VPX SE Virtual Appliance The minimum configuration requirements for the SD WAN VPX SE Virtual Machine are as follows Virtual CPUs 4 Memory 4GB RAM Virtual Datastore 40 GB disk Management Interface 1 default The SD WAN VPX SE interface specifications are as follows SD WAN VPX...

Страница 45: ... 1999 2017 Citrix Systems Inc All rights reserved p 45 https docs citrix com SE supports both 1 arm and In line deployments WCCP is not supported ...

Страница 46: ... cb vw vpx version xva To install SD WAN VPX SE on VMware ESXi Server download this file cb vw vpx version _vmware ova Where version is the current SD WAN version number Note For additional information on licensing and downloading SD WANsoftware see the sections Licensing and Acquiring the SD WAN Software Packages SD WAN VPX SE Virtual Appliance supports the following server platforms XenServer Hyp...

Страница 47: ...bled by defaultfor the SD WANVPX SE ManagementIP Address To configure a static Management IP Address for a SD WAN VPX SE Virtual Appliance do the following 1 Open the vSphere Client or XenServer Client where you created the SD WAN VPX SE Virtual Machine VM 2 Open the vSphere or XenServer Console for the new SD WAN VPX SE and log into the Administrator account for the VM Default Administrator user n...

Страница 48: ... 1999 2017 Citrix Systems Inc All rights reserved p 48 https docs citrix com Note See also the section Setting the ManagementIP Addresses for the Appliances ...

Страница 49: ...vailable on the Citrix Documentation Portal http docs citrix com See also Differences Between a SD WAN VPX SE and WANOP VPX Installation The following list summarizes the steps and procedures involved in deploying a SD WAN VPX SE on a VMware ESXi server 1 Gather your SD WAN VPX SE installation and configuration information For instructions see SD WAN VPX SE Installation and Configuration Checklist 2...

Страница 50: ...VPX SE VM Determine the amount of memory to allocate for the SD WAN VPX SE VM Determine the amount of disk capacity to allocate for the virtual disk for the VM default disk space requirement is 39 1 GB If you are not using DHCP note the IP Address you intend to assign as the static Management IP Address for the SD WAN VPX SE By default SD WAN VPX SE uses DHCP Determine the Gateway IP Address the S...

Страница 51: ...Inc All rights reserved p 51 https docs citrix com Deployment Oct 04 2016 Refer to the following topics for SD WAN VPX deployment related information Installing and Deploying SD WAN VPX on ESxi Configuring Management IP Address ...

Страница 52: ...ange with new releases of the vSphere software For the mostcomplete and currentvSphere Clientinstallation and operation instructions please refer to your VMware documentation The instructions in this chapter are intended to provide the mostbasic and essential guidelines only for installing a SD WANVPX SE Virtual Machine on the ESXi platform The following summarizes the top level steps for installi...

Страница 53: ...n 5 5 or later 1 Open a browser and navigate to the ESXi server that will host your vSphere Client and VPX SE Virtual Machine VM instance at https my vmware com group vmware evalcenter p free esxi6 The VMware ESXi downloads page displays 2 Click the Download vSphere Client link to download the vSphere Client installation file 3 Install the vSphere Client Run the vSphere Client installer file that yo...

Страница 54: ... IP address Name Enter the IP Address or Fully Qualified Domain Name FQDN for the ESXi server that will host your SD WAN VPX SE VM instance User name Enter the server Administrator account name The default is root Password Enter the password associated with this Administrator account 6 Click Login This displays the vSphere Client main page ...

Страница 55: ...stems Inc All rights reserved p 55 https docs citrix com The next step is to install and deploy the SD WAN VPX SE OVF template and set up the Virtual Machine The following section provides instructions for these procedures ...

Страница 56: ...al PC you will be using to connect to the ESXi server that will host your SD WAN VPX The OVF template file has a file name using the following naming convention cb vw vpx version_number vmware ova where version_number is the SD WAN VPX release version number ova is the file name suffix indicating that this is an OVF template file Note For additional information please see downloading the Software Packa...

Страница 57: ... docs citrix com 3 Select the CB VPX VW OVF template ova file you want to install Browse to the location of the ova file you downloaded earlier to the local PC and select it 4 Click Next This imports the selected ova file and displays the OVF Template Details page ...

Страница 58: ...ix Systems Inc All rights reserved p 58 https docs citrix com 5 This page displays some basic information regarding the OVF template you just imported 6 Click Next This proceeds to the End User License Agreement page ...

Страница 59: ... 1999 2017 Citrix Systems Inc All rights reserved p 59 https docs citrix com 7 Click Accept and then click Next This proceeds to the Name and Location page ...

Страница 60: ...om 8 Enter a unique name for the new VM or accept the default The name must be unique within the current Inventory folder and can be up to 80 characters in length 9 Click Next This displays the Disk Format page The SD WAN VPX VW Virtual Machine requires 39 1 GB of disk space ...

Страница 61: ... 1999 2017 Citrix Systems Inc All rights reserved p 61 https docs citrix com 12 Accept the default settings and click Next This proceeds to the Network Mapping page ...

Страница 62: ... 1999 2017 Citrix Systems Inc All rights reserved p 62 https docs citrix com 13 Accept the default VM Network and click Next This proceeds to the Ready to Complete page ...

Страница 63: ... image onto the server could take several minutes This displays the Deploying Citrix NetScaler SD WAN VPX status dialog box Depending on the conditions present on your server the deployment can take from several minutes to a few hours to complete When the SD WAN VPX Virtual Machine has been successfully created a success message displays ...

Страница 64: ...rns to the vSphere Client main window If this is the first VM you have created using this vSphere Client the vSphere Client Home page displays If you have previously created one or more VMs the Inventory page displays The next step is to configure the SD WAN VPX Management IP Address The following section provides instructions for this procedure ...

Страница 65: ...you must manually assign a static Management IP Address for the SD WAN VPX Virtual Appliance For instructions see Manually Configuring a Static Management IP Address for the VPX If you are using DHCP By default all SD WAN VPX Virtual appliances use DHCP to acquire the Management IP Address To use DHCP the DHCP server must be present and available in the SD WAN For instructions on identifying the ac...

Страница 66: ...you just created in the vSphere Client Also see Setting up the SD WAN Appliances To set the Management IP Address manually do the following Note DHCP is enabled by defaultfor the SD WANVPX ManagementIP Address 1 Continuing in the vSphere client Inventory page select the new SD WAN VPX VM in the Inventory tree left pane This displays the Inventory page for the new VM with the Getting Started tab pr...

Страница 67: ... WAN VPX SE VM 3 Select the Console tab in the Inventory page tab bar The Console tab is located in Inventory page tab bar at the top of the main page area Selecting this tab displays and enables access to the CLI console for the VM As the new VM starts up a series of status messages display in the console ...

Страница 68: ...pletes the console login prompt displays 4 Click anywhere inside the console area to enter console mode This turns control of your mouse cursor over to the VM console and enables console mode Note To release console control of your cursor press the Ctrl and Altkeys simultaneously 5 Log into the VM console ...

Страница 69: ...n credentials for the new SD WAN VPX SE VM are as follows Login admin Password password This displays the console Welcome screen 6 Enter the following command line at the console prompt management_ip This switches to the management_ip CLI in the console and displays the set_management_ip prompt ...

Страница 70: ...interface ipaddress subnetmask gateway Where ip is the Management IP Address for the SD WAN VPX SE Virtual Appliance subnetmask is the subnet mask used to define the network in which the CB VPX VW Virtual Appliance resides gateway is the Gateway IP Address the SD WAN VPX SE Virtual Appliance will use to communicate with external networks This stages but does not apply the interface settings ...

Страница 71: ...d at the set_management_ip prompt apply b When prompted to confirm the apply operation enter Y This applies the staged interface settings for the VM and displays the results 9 Enter exit and press Return at the prompt to exit the management_ip CLI 10 Exit the console Enter exit and press Return at the console prompt and then press Ctrl Alt to regain control of the cursor ...

Страница 72: ...sic Tasks options b In the Basic Tasks section click Shut down the virtual machine red box icon You are prompted to confirm that you want to shut down the guest operating system for the VM c Click Yes to confirm This shuts down the guest operating system and powers off the VM When the shutdown completes the Power on the virtual machine option green play button becomes available ...

Страница 73: ...docs citrix com 12 Restart the Virtual Machine Click Power on the virtual machine green right arrow to restart the VM You can view the progress of the start up process in the Console tab page for the VM When the startup process completes the login prompt displays ...

Страница 74: ... 1999 2017 Citrix Systems Inc All rights reserved p 74 https docs citrix com You can now proceed to the final step Connecting to the SD WAN VPX SE and Testing the Deployment ...

Страница 75: ...DHCP If you are notusing DHCP or have assigned a static IP Address for the Virtual Appliance you can skip this step If you are using DHCP the DHCP server mustbe presentand available in the SD WANbefore you can complete this step To display the DHCP assigned Management IP Address for the Virtual Appliance do the following 1 Continuing in the vSphere client Inventory page select the new SD WAN VPX S...

Страница 76: ...e tab bar at the top of the main page area Selecting this tab displays and enables access to the CLI console for the VM 4 Click anywhere inside the console area to enter console mode This turns control of your mouse cursor over to the VM console and enables console mode Note To release console control of your cursor press the Ctrl and Alt keys simultaneously 5 Press Enter to display the console lo...

Страница 77: ...in credentials for the new SD WAN VPX SE VM are as follows Login admin Password password This displays the console Welcome message which includes the Host IP Address 7 Record the Management IP Address for the SD WAN VPX SE VM Note The DHCP server mustbe presentand available in the SD WAN or this step cannotbe completed ...

Страница 78: ...ge displays the Last login information and the Host IP Address This IP Address is the Management IP Address for this new SD WAN VPX SE VM This completes the deployment of the SD WAN VPX SE Virtual Machine The final step is to connect to the new SD WAN VPX SE and test the deployment Instructions are provided in the next section ...

Страница 79: ... You can use any PC connected to your network for example the local PC you used to deploy the SD WAN VPX SE Virtual Machine in the vSphere Client If you have successfully assigned the Management IP Address for the SD WAN VPX SE the Management Web Interface Login page displays 2 Enter the Administrator user name and password and click Login Default Administrator user name admin Default Administrato...

Страница 80: ...cense has not been installed For now you can ignore this alert The alert will be resolved automatically after you have installed the license and completed the configuration and deployment process for the appliance You have now completed the initial installation and deployment of the SD WAN VPX SE Virtual Appliance However there are some remaining steps to complete the set up process for the Virtual...

Страница 81: ... software package on the designated MCN appliance The following CloudBridge Knowledge Base support articles are recommended CloudBridge Virtual WAN PBR Mode Deployment Steps CTX201577 http support citrix com article CTX201577 CloudBridge Virtual WAN Gateway Mode Deployment Steps CTX201576 http support citrix com article CTX201576 The steps for adding and configuring the MCN site are as follows 1 Sw...

Страница 82: ...on is available only on the MCN The MCN can monitor the entire Virtual WAN whereas client nodes can monitor only their local Intranets along with some information for those clients with which they are connected The primary purpose of the MCN is to establish and utilize Virtual Paths with one or more client nodes located across the Virtual WAN for Enterprise Site to Site communications An MCN can a...

Страница 83: ...g mode of the ManagementWeb Interface mode only and notthe active role of the appliance itself To promote an appliance to the role of MCN you mustfirstadd and configure the MCNsite and activate the configuration and software package on the designated MCNappliance To switch the Management Web Interface to MCN Console mode do the following 1 Log into the Management Web Interface on the appliance you wa...

Страница 84: ... enables the Configuration Editor branch in the navigation tree The Configuration Editor is available on the MCN appliance only Note Before proceeding to the nextstep make sure thatthe appliance is still setto the default Client Console mode The section heading should be Switch to MCN Console 5 Click Switch Mode to set the appliance mode to MCN Console mode This displays a dialog box prompting you t...

Страница 85: ...5 https docs citrix com 7 Enter the Administrator user name and password and click Login Default Administrator user name admin Default Administrator password password After logging in the Dashboard displays now indicating that the appliance is in MCN mode ...

Страница 86: ... 1999 2017 Citrix Systems Inc All rights reserved p 86 https docs citrix com The next step is to open a new configuration and add the MCN site to the Sites table and begin configuring the new MCN site ...

Страница 87: ...rongly recommended thatyou setthe console session Timeoutinterval to a high value when creating or modifying a configuration package or performing other complex tasks The defaultis 60 minutes the maximum is 9999 minutes For security reasons you should then resetitto a lower threshold after completing those tasks For instructions see the section Setting the Console Session TimeoutInterval Optional T...

Страница 88: ...reserved p 88 https docs citrix com 2 Click New to start defining a new configuration This displays the New configuration settings page 3 Click Add in the Sites bar to begin adding and configuring the MCN site This displays the Add Site dialog box ...

Страница 89: ...The generic names do notinclude the Standard Edition model suffix butdo correspond to the equivalentSD WANAppliance models Selectthe corresponding model number for this SDWANAppliance model For example selectNetScaler 4000 if this is a NetScaler SD WAN4000 SE appliance c Select primary MCN as the mode Note Entries cannotcontain spaces and mustbe in Linux format 5 Click Add to add the site This adds...

Страница 90: ...Enter the basic settings for the new site or accept the defaults 7 Optional strongly recommended Save the configuration in progress If you cannot complete the configuration in one session you can save it at any time so you can return to complete it later The configuration is saved to your workspace on the local appliance To resume working in a saved configuration click Open in the Configuration Editor ...

Страница 91: ...ights reserved p 91 https docs citrix com This opens the Save As dialog box 2 Enter the configuration package name Note If you are saving the configuration to an existing package be sure to selectAllow Overwrite before saving 3 Click Save ...

Страница 92: ...ociate interfaces to Fail to Wire FTW pairs Single WAN interfaces cannot be in an FTW pair Note For additional guidelines and information on configuring Virtual Interface Groups see the Virtual Routing and Forwarding section To add a Virtual Interface Group to the new MCN site do the following 1 Continuing in the Sites tree of the Configuration Editor click next to the name of the site you just adde...

Страница 93: ...ehavior of bridge paired interfaces in the Virtual Interface Group in the event of an appliance or service failure or restart The options are Fail to Wire or Fail to Block 6 Select the Security Level from the drop down menu This specifies the security level for the network segment of the Virtual Interface Group The options are Trusted or Untrusted Trusted segments are generally protected by a firewa...

Страница 94: ...D for identifying and marking traffic to and from the Virtual Interface Use an ID of 0 zero for native untagged traffic 10 Click to the right of Bridge Pairs This adds a new Bridge Pairs entry and opens it for editing 11 Select the Ethernet interfaces to be paired from the drop down menus To add more pairs click next to Bridge Pairs again 12 Click Apply This applies your settings and adds the new Vi...

Страница 95: ...e new Virtual Interface Group entry This is because you have notyetconfigured any Virtual IP Addresses VIPs for the site For now you can ignore this alert as itwill be resolved automatically when you have properly configured the VIPs for the site 13 To add more Virtual Interface Groups click to the right of the Interf ace Groups branch and proceed as above ...

Страница 96: ...eft of the Virtual IP Addresses branch This displays the Virtual IP Addresses table for the new site 2 Click to the right of Virtual IP Addresses to add an address This opens the form for adding and configuring a new Virtual IP Address 3 Enter the Virtual IP Address Prefix information and select the Virtual Interf ace with which the address is associated The Virtual IP Address must include the full ...

Страница 97: ...p 97 https docs citrix com 4 Click Apply This adds the address information to the site and includes it in the site Virtual IP Addresses table 5 To add more Virtual IP Addresses click to the right of the Virtual IP Addresses branch and proceed as above ...

Страница 98: ...ceed to the section Configuring the WAN Links for the MCN Site To configure a GRE Tunnel do the following 1 Continuing in the site tree for the new MCN site click to the left of the GRE Tunnels branch label This opens the GRE Tunnels table for the new site 2 Click to the right of the GRE Tunnels This adds a new blank GRE Tunnel entry to the table and opens it for editing 3 Configure the GRE Tunnel se...

Страница 99: ...ation IP Enter the destination IP Address for the tunnel Tunnel IP Prefix Enter the tunnel IP Address and prefix Checksum Select this to enable Checksum for the tunnel GRE header Keepalive Period s Enter the wait time interval in seconds between keepalive messages If configured to 0 no keepalive packets will be sent but the tunnel will remain up The default is 10 Keepalive Retries Enter the number of...

Страница 100: ...here are no WANlinks to form a table and therefore no Open icon to the leftof the WAN Links branch However if links exist the active icon is available If so click to the leftof the WAN Links branch to display the table This also reveals the Add Edit pencil Delete trashcan and Help active icons to the rightof the WAN Links branch This reveals the Add and Help active icons to the right of the WAN Li...

Страница 101: ...ame appended with the following suffix WL number Where number is the number of WAN Links for this site incremented by one 4 Select the Access Type from the drop down menu The options are Public Internet Private Intranet or Private MPLS 5 Click Add This displays the WAN Links table adds the new unconfigured link to the table and opens the Basic Settings configuration form for the link ...

Страница 102: ...tons 7 Enter the link details for the new WAN link Some guidelines are as follows Some Internet links might be asymmetrical Misconfiguring the permitted speed can adversely affect performance for that link Avoid using burst speeds that surpass the Committed Rate For Internet WAN links be sure to add the Public IP Address 8 Click the grey Advanced Settings section bar This opens the Advanced Setting...

Страница 103: ...n sending duplicate packets Frame Cost bytes Enter the size in bytes of the header trailer added to each packet for example the size in bytes of added Ethernet IPG or AAL5 trailers Congestion T hreshold Enter the congestion threshold in microseconds after which the WAN link will throttle packet transmission to avoid further congestion MT U Size bytes Enter the largest raw packet size in bytes not ...

Страница 104: ...trix com 11 Select the Eligibility settings for the link 12 Click the grey Metered Link section bar This opens the Metered Link settings form for the link 13 Optional Select Enable Metering to enable metering for this link This displays the Enable Metering settings fields ...

Страница 105: ... link status However in the event of a failure SD WAN can use active metered links as a last resort for forwarding production traffic 15 Click Apply This applies your specified settings to the new WAN link The next step is to configure the Access Interfaces for the new WAN link An Access Interface consists of a Virtual Interface WAN endpoint IP Address Gateway IP Address and Virtual Path Mode defined ...

Страница 106: ... place your cursor in the field then click and hold and roll your mouse rightor leftto see the truncated portion Virtual Interf ace This is the Virtual Interface this Access Interface will use Select an entry from the drop down menu of Virtual Interfaces configured for this branch site IP Address This is the IP Address for the Access Interface endpoint from the appliance to the WAN Gateway IP Addres...

Страница 107: ...his applies your settings and adds the new Access Interface entry to the Access Interf aces table You have now finished configuring the new WAN link Repeat these steps to add and configure additional WAN links for the site The next step is to add and configure the routes for the site ...

Страница 108: ...ght of the Routes branch to add a route This opens the Routes table for editing and adds a blank route entry to the table top entry 3 Enter the route configuration information for the new route Enter the following Network IP Address Enter the Network IP Address Cost Enter a weight from 1 to 15 for determining the route priority for this route Lower cost routes take precedence over higher cost route...

Страница 109: ...ng times of congestion Note that under certain conditions and if configured for Intranet Fallback on the Virtual Path traffic that ordinarily travels by means of a Virtual Path may instead be treated as Intranet traffic in order to maintain network reliability Passthrough This service manages traffic that is to be passed through the Virtual WAN Traffic directed to the Passthrough Service includes broad...

Страница 110: ...se these warnings to identify errors or missing configuration information Roll your cursor over an auditwarning icon to display a shortdescription of the error s in thatsection You can also click the dark grey Audits status bar bottom of page to display a complete listof all auditwarnings 10 To add more routes for the site click to the right of the Routes branch and proceed as above You have now fin...

Страница 111: ... 1999 2017 Citrix Systems Inc All rights reserved p 111 https docs citrix com ...

Страница 112: ...actas the secondary MCN Important Both appliances in an HA pair mustbe the same appliance model To configure High Availability for the MCN site do the following 1 Continuing in the Sites tree for the new MCN site click to the left of the High Availability branch for the site This displays the High Availability configuration form 2 Click Edit pencil icon to the right of the High Availability branch t...

Страница 113: ...ifies the wait time in milliseconds after contact with the primary MCN appliance is lost before the standby MCN appliance becomes active Shared Base MAC This is the shared MAC Address for the HA pair appliances Swap Primary Secondary checkbox When this is selected if both appliances in the HA pair come up simultaneously the secondary MCN appliance becomes the primary MCN appliance and takes precede...

Страница 114: ...on between the appliances in the MCN HA pair Primary This is the unique Virtual IP Address for the primary MCN appliance The secondary MCN uses this for communication with the primary MCN Secondary This is the unique Virtual IP Address for the secondary MCN appliance The primary MCN uses this for communication with the secondary MCN 7 Click to the left of the new HA IP Interf aces entry This displ...

Страница 115: ...dds a new blank entry to the table and opens it for editing 9 Enter the External Tracker IP Address Enter the IP Address of the external device that will respond to ARP requests regarding the state of the primary MCN appliance 10 Click Apply This adds the new High Availability configuration settings to the MCN site configuration ...

Страница 116: ... security and encryption do the following Note Enabling Virtual WANsecurity and encryption is optional 1 At the top of the Global tree of the Configuration Editor click to the left of the Virtual WAN Network Settings branch This opens the branch and displays the Global Security Settings configuration form 2 Click Edit pencil icon to enable editing for the form 3 Enter your global security settings ...

Страница 117: ...e encrypted traffic to verify that the message is delivered unaltered Extended Packet Authentication Trailer Type This is the type of trailer used to validate packet contents Select one of the following from the drop down menu 32 Bit Checksum or SHA 256 4 Click Apply to apply your settings to the configuration This completes the configuration of the MCN site The next step is to name and save the new ...

Страница 118: ...configuration when you resume Instructions for opening a saved configuration are provided in the section Loading a Saved Configuration Package into the Configuration Editor Warning If the Console session times outor you log outof the ManagementWeb Interface before saving your configuration any unsaved configuration changes will be lost You mustthen log back into the system and repeatthe configuration pro...

Страница 119: ...ion to log outof the ManagementWeb Interface and continue the configuration process ata later time However if you log out you will need to reopen the saved configuration when you resume Instructions are provided in the section Loading a Saved Configuration Package into the Configuration Editor You have now completed the MCN site configuration and created a new SD WAN configuration package You are now re...

Страница 120: ...figuration to your local PC To export the current configuration package to your PC do the following 1 Click Export This displays the Export Configuration dialog box 2 Select File Download from the Destination drop down menu This reveals the Include Network Map option which is selected by default 3 Accept the default and click Export This includes the Network Map information in the configuration packag...

Страница 121: ...o your PC Note To recover a backed up configuration package you can use an Import operation to importthe package from your PC and load it into the Configuration Editor You can then save the imported package to your ManagementWeb Interface workspace for future use Instructions are provided in the section Importing a Backed up Configuration Package into the Configuration Editor ...

Страница 122: ... the top of the page to open the Configuration navigation tree left pane b In the navigation tree click to the left of the Virtual WAN branch to open that branch c In the Virtual WAN branch select Configuration Editor This opens the Conf iguration Editor main page for a new session If you have just logged back into the Management Web Interface the Configuration Editor initially opens for a new sessio...

Страница 123: ...ed depending on the number of configurations you have saved to your workspace If so in the interim the Saved Packages menu field mightdisplay the message No saved packages If this occurs click Cancel to close the dialog box waita few moments and click Open again to reopen the dialog box 4 Click Open Note This opens the specified Configuration Package and loads itinto the Configuration Editor for editin...

Страница 124: ...can also import an existing Configuration Package from the global Change Management inbox on the current MCN Instructions for both of these procedures are provided below To import a Configuration Package do the following 1 Open the Configuration Editor To open the editor do the following a Select the Configuration tab at the top of the page to open the Configuration navigation tree left pane b In the n...

Страница 125: ...l PC Select the file and click OK 4 Select the import destination if applicable If a Configuration Package is already open in the Configuration Editor then the Import to drop down menu will be available Select one of the following options Current Package Select this to replace the contents of the currently opened Configuration Package with the contents of the imported package and retain the name of th...

Страница 126: ...Maps drop down menu will be available Select one of the following options Current Package This retains the network maps currently configured in the package currently open in the Configuration Editor and discards any network maps from the imported package New Package This replaces the network maps currently configured in the currently open package with the network maps if any from the imported package...

Страница 127: ...e The package name is saved to your workspace at this time but the package contents will not be saved to your workspace until you explicitly save the package Select Allow Overwrite to confirm that you want to retain the existing name and enable overwriting of the contents of the saved package However the contents of the saved version of the current package will not be overwritten until you explicit...

Страница 128: ...ion to this guide the following CloudBridge Knowledge Base support articles are also recommended CloudBridge Virtual WAN PBR Mode Deployment Steps CTX201577 http support citrix com article CTX201577 CloudBridge Virtual WAN Gateway Mode Deployment Steps CTX201576 http support citrix com article CTX201576 The steps to complete this process are as follows 1 Add the branch site 2 Configure the Virtual ...

Страница 129: ... 1999 2017 Citrix Systems Inc All rights reserved p 129 https docs citrix com 9 Resolve any configuration Audit Alerts 10 Save the completed configuration ...

Страница 130: ...x for selecting the configuration you wantto modify 1 Continuing in the Configuration Editor click Add in the Sites bar to begin adding and configuring the new branch site This displays the Add Site dialog box 2 Enter the following site information Note Entries cannotcontain spaces and mustbe in Linux format Site Name Enter a name for the site Appliance Name Enter the name you want to assign to the a...

Страница 131: ... client as the mode 3 Click Add to add the site This adds the new site to the Sites tree and opens the Basic Settings configuration form for the site 4 Click the Edit pencil icon to enable editing for the form 5 Enter the basic settings for the site and click Apply The next step is to add and configure the Virtual Interface Groups for the new site ...

Страница 132: ...Groups for the site To add a Virtual Interface Group to the new site do the following 1 In the Sites navigation tree click next to the name of the site you just added This opens the configuration branches for the new site 2 Click to the left of the Interf ace Groups branch This displays the Interf ace Groups table for the site 3 Click to the right of Interf ace Groups This adds a new blank group en...

Страница 133: ...p down menus The Bypass Mode specifies the behavior of bridge paired interfaces in the Virtual Interface Group in the event of an appliance or service failure or restart The options are Fail to Wire or Fail to Block 6 Select the Security Level from the drop down menu This specifies the security level for the network segment of the Virtual Interface Group The options are Trusted or Untrusted Trusted ...

Страница 134: ...tedge of the tree area When the cursor changes to a bi directional arrow click and drag the bar to the rightor leftto grow or shrink the pane width 8 Click to the right of Virtual Interf aces This opens the Name and VLAN ID fields for editing 9 Enter the Name and VLAN ID for this Virtual Interface Group 10 Click to the right of Bridge Pairs This adds a new Bridge Pairs entry and opens it for editin...

Страница 135: ...al Interface Group to the table Note Atthis stage you will see a yellow delta AuditAlerticon to the rightof the new Virtual Interface Group entry This is because you have notyetconfigured any Virtual IP Addresses VIPs for the site For now you can ignore this alert as itwill be resolved automatically when you have properly configured the VIPs for the site 13 To add more Virtual Interface groups click...

Страница 136: ...Virtual IP Addresses for the site and assign them to the appropriate group 1 Continuing in the site tree for the new site click to the left of the Virtual IP Addresses branch This displays the Virtual IP Addresses table for the new site 2 Click to the right of the Virtual IP Addresses branch to add an address This opens the form for adding and configuring a new Virtual IP Address ...

Страница 137: ...associated The Virtual IP Address must include the full host address and netmask Note You can click again to add more Virtual IP Address entries before applying your settings 4 Click Apply This adds the address information to the site configuration and includes it in the site Virtual IP Addresses table 5 To add more Virtual IP Addresses click to the right of the Virtual IP Addresses branch and proc...

Страница 138: ...AN GRE Tunnel termination node you can skip this step and proceed to the section Configuring the WAN Links for the Branch Site To configure a LAN GRE Tunnel for the branch site do the following 1 Continuing in the site tree for the new branch site click to the left of the LAN GRE Tunnels branch label This opens the LAN GRE Tunnels table for the new site 2 Click to the right of the LAN GRE Tunnels Th...

Страница 139: ...terface Groups for the Branch Site and Configuring the Virtual IP Addresses for the Branch Site Destination IP Enter the destination IP Address for the tunnel Tunnel IP Prefix Enter the tunnel IP Address and prefix Checksum Select this to enable Checksum for the tunnel GRE header Keepalive Period s Enter the wait time interval in seconds between keepalive messages If configured to 0 no keepalive packe...

Страница 140: ...branch Note Atthis pointin a new configuration there are no WANlinks to form a table and therefore no Open icon to the leftof the WAN Links branch label However if links exist the icon is available If so you can click to the leftof the WAN Links branch to display the table This also reveals the Add Edit pencil Delete trashcan and Help active icons to the rightof the WAN Links branch 2 Click to the ...

Страница 141: ...site name appended with the following suffix WL number Where number is the number of WAN Links for this site incremented by one 4 Select the Access Type from the drop down menu The options are Public Internet or Private Intranet 5 Click Add This displays the WAN Links table adds the new un configured link to the table and opens the Basic Settings configuration form for the link ...

Страница 142: ...e configuration of the new WANlink 6 Click the Edit pencil icon to the right of the Settings branch to enable editing of the form This enables editing for the form and reveals the Apply and Close buttons 7 Enter the path information for the new WAN link Some guidelines are as follows Some Internet links might be asymmetrical Misconfiguring the permitted speed can adversely affect performance for tha...

Страница 143: ... rights reserved p 143 https docs citrix com This opens the Advanced Settings form for the link 9 Enter the Advanced Settings for the link 10 Click the grey Eligibility section bar This opens the Eligibility settings form for the link ...

Страница 144: ...e grey Metered Link section bar This opens the Metered Link settings form for the link 13 Optional Select Enable Metering to enable metering for this link This displays the Enable Metering settings fields 14 Configure the metering settings for the link Enter the following Data Cap MB Enter the data cap allocation for the link in megabytes ...

Страница 145: ... resort for forwarding production traffic 15 Click Apply This applies your specified settings to the new WAN link The next step is to configure the Access Interfaces for the new WAN link An Access Interface consists of a Virtual Interface WAN endpoint IP Address Gateway IP Address and Virtual Path Mode defined collectively as an interface for a specific WAN link Each WAN link must have at least one Acc...

Страница 146: ... is the Virtual Interface this Access Interface will use Select an entry from the drop down menu of Virtual Interfaces configured for this branch site IP Address This is the IP Address for the Access Interface endpoint from the appliance to the WAN Gateway IP Address This is the IP Address for the gateway router Virtual Path Mode This specifies the priority for Virtual Path traffic on this WAN link T...

Страница 147: ... 1999 2017 Citrix Systems Inc All rights reserved p 147 https docs citrix com site The next step is to add and configure the routes for the site ...

Страница 148: ...tes for the site do the following 1 Continuing in the site tree for the new site click to the left of the Routes branch This displays the Routes table for the site 2 Click to the right of the Routes branch to add a route This opens the Routes table for editing and adds a blank route entry to the table 3 Enter the route configuration information and click Apply ...

Страница 149: ...efore proceeding with the next phase of the deployment A list of these steps and links to instructions are provided below If you do not want to configure these features at this time you can proceed directly to Preparing the Virtual WAN Appliance Packages on the MCN The optional steps are as follows Configure High Availability High Availability refers to a configuration in which two Virtual WAN Applia...

Страница 150: ...tree click to the left of the High Availability branch for the new site This displays the High Availability configuration form 2 Click Edit pencil icon to the right of the High Availability branch to enable editing of the form 3 Select the Enable High Availability check box This enables High Availability for the site and enables the first level of fields for configuring A red asterisk indicates a requ...

Страница 151: ...is specifies the wait time in milliseconds after contact with the primary client appliance is lost before the standby client appliance becomes active Shared Base MAC This is the shared MAC Address for the HA pair appliances Swap Primary Secondary checkbox When this is selected if both appliances in the HA pair come up simultaneously the secondary client appliance becomes the primary client applianc...

Страница 152: ... HA appliance pair Primary This is the unique Virtual IP Address for the primary client appliance for this site The secondary appliance uses this for communication with the primary client appliance Secondary This is the unique Virtual IP Address for the secondary client appliance for this site The primary appliance uses this for communication with the secondary client appliance 7 Click to the left...

Страница 153: ...x com 8 Click to the right of External Tracking This adds a new blank entry to the table and opens it for editing 9 Enter the External Tracker IP Address Enter the IP Address of the external device that will respond to ARP requests regarding the state of the primary client ...

Страница 154: ... 1999 2017 Citrix Systems Inc All rights reserved p 154 https docs citrix com appliance 10 Click Apply This adds the new High Availability configuration settings to the branch site configuration ...

Страница 155: ...nes the process of adding and configuring additional branch nodes When a site is cloned the entire set of configuration settings for the site are copied and displayed in a single form page You can then modify the settings according to the requirements of the new site Some of the original settings can be retained where applicable However most of the settings must be unique for each site To clone a si...

Страница 156: ...ip To further streamline the cloning process use a consistent pre defined naming convention when naming the clones 4 Resolve any Audit Alerts To diagnose an error roll your cursor over the Audit Alert icon red dot or goldenrod delta to reveal bubble help for that specific alert 5 Click Clone far right corner to create the new site and add it to the Sites table Note The Clone button remains unavailab...

Страница 157: ...overwriting the wrong configuration package Be sure to selectAllow Overwrite before saving to an existing configuration or you changes will notbe saved Repeat the steps up to this point for each branch site you want to add After you have finished adding all of the sites the next step is to check the configuration for Audit Alerts and make corrections or additions as needed ...

Страница 158: ...the number of associated errors for that alert To see bubble help for a particular alert roll your cursor over the alert icon This displays a brief description of the specific errors flagged by that alert You must resolve all Audit Alerts in the configuration or you will not be able to verify stage and activate the configuration package later in the deployment process Resolving all of the Audit Alerts...

Страница 159: ... unsaved configuration changes will be lost You mustthen log back into the system and repeatthe configuration procedure from the beginning For thatreason itis strongly recommended thatyou save the configuration package often or atkey points in the configuration Note As an extra precaution itis recommended thatyou use Save As rather than Save to avoid overwriting the wrong configuration package To save ...

Страница 160: ...f the ManagementWeb Interface and continue the configuration process ata later time However if you log out you will need to reopen the saved configuration when you resume Instructions are provided in the section Loading a Saved Configuration Package into the Configuration Editor The next step is to configure the Virtual Paths and Virtual Path Service between the MCN and the client sites Instructions ar...

Страница 161: ...orts HA In HA configuration one SD WAN appliance at the site is designated as the Active appliance and is continuously monitored by the Standby appliance Configuration is mirrored across both appliances If the Standby appliance loses connectivity with the Active appliance for a defined period the Standby appliance assumes the identity of the Active appliance and takes over the traffic load Depending o...

Страница 162: ... 1999 2017 Citrix Systems Inc All rights reserved p 162 https docs citrix com 2 After a site is configured the HA appliance and interface groups are configured ...

Страница 163: ... box 3 Configure interface groups by clicking the next to HA IP Interfaces From the Virtual Interface drop down menu select the desired interface This interface monitors the Active appliance for reachability For One Arm HA mode only one interface group is required 4 Select the Primary and Secondary IP address 5 For Inline HA mode additional interface groups are required for External Tracking to mon...

Страница 164: ...017 Citrix Systems Inc All rights reserved p 164 https docs citrix com For Network Adapter details of Active and Standby HA appliances navigate to Configuration Appliance Settings Network Adapters Ethernet tab ...

Страница 165: ...N appliances do not reside in the data network subnets The virtual path traffic does not have to traverse the PBR and avoids route loops The SD WAN appliance and router have to be directly connected either through an Ethernet port or be in the same VLAN IP SLA Monitoring for Fall Back The active traffic will flow even if the virtual path is down as long as one of the SD WAN appliances is active The S...

Страница 166: ...work infrastructure For example switch port failure to direct HA state change if needed If both active and standby SD WAN appliances are disabled or fail a tertiary path can be used directly between the switch and router This path must have a higher spanning tree cost than the SD WAN paths so that it is not used under normal conditions Failover in parallel inline HA mode is very quick and nearly h...

Страница 167: ...tion between the appliances fails both appliances will go into Active state and cause a service interruption This can be mitigated by assigning multiple HA connections so thatthere is no single pointof failure Itis imperative thatin HA Fail to Wire Mode a separate portbe used in the hardware appliance pairs for HA control exchange mechanism to assitin state convergence Due to a physical state chan...

Страница 168: ...orward a high volume of traffic to minimize disruption during failover If minimal loss of service is acceptable during a failover then Fail to Wire HA mode is a better solution The Fail to Wire HA mode protects against appliance failure and parallel inline HA protects against all failures In all scenarios HA is valuable to preserve the continuity of SD WAN network during a system failure ...

Страница 169: ...ou get familiarized with using NetScaler SD WAN web interface installing required appliance packages connecting appliances and setting up the SD WAN network NetScaler SD WAN Management Web Interface Installing the Virtual WAN Appliance Packages Preparing the Virtual WAN Appliance Packages Connecting the Client Appliances to Your Network Setting up the SD WAN Appliances ...

Страница 170: ... terminating the session Main menu bar This is the light blue bar displayed below the title bar on every Management Web Interface screen This contains the section tabs for displaying the navigation tree and pages for a selected section Section tabs The section tabs are located in the blue main menu bar at the top of the page These are the top level categories for the Management Web Interface pages...

Страница 171: ...ese are usually located at the top of the page area just below the breadcrumbs display In some cases as for the Change Management wizard tabs are located in the left pane of the page area between the navigation tree and the work area of the page Page area resizing For some pages you can grow or shrink the width of the page area or sections of it to reveal additional fields in a table or form Where ...

Страница 172: ...ashboard section tab to display basic information for the local appliance The Dashboard page displays the following basic information for the appliance System status Virtual Path service status Local appliance software package version information The below figure shows a sample Master Control Node MCN appliance Dashboard display ...

Страница 173: ... 1999 2017 Citrix Systems Inc All rights reserved p 173 https docs citrix com The below figure shows a sample client appliance Dashboard display ...

Страница 174: ...or do the following 1 Log into the Management Web Interface on the MCN appliance 2 Select the Configuration tab 3 In the navigation tree click next to the Virtual WAN branch in the tree This displays the available pages for the Virtual WAN category 4 In the Virtual WAN branch of the tree select Configuration Editor The below figure outlines the basic navigation and page elements of the Configuration...

Страница 175: ...n the right border of the main page area pane and is available in most of the Configuration Editor pages You can use the resize bar to grow or shrink the width of the page area to reveal or truncate content in a table tree or form Roll your cursor over the resize bar until the cursor changes to a bi directional arrow Then click and drag the bar to the right or left to grow or shrink the area width ...

Страница 176: ...e 2 Select the Configuration tab 3 In the navigation tree click next to the Virtual WAN branch in the tree 4 In the Virtual WAN branch select Change Management This displays the first page of the Change Management wizard the Change Process Overview page as shown in the below figure 5 To start the wizard click Begin For complete instructions on using the wizard to upload stage and activate the SD WAN...

Страница 177: ...ance model and site A package in this context is a Zip file bundle containing the appropriate NetScaler SD WAN software package for that appliance model and the specified configuration package The Configuration Filenames section above the table shows the package name for the current active and staged packages on the local appliance Active Staged download links These are located in the Download Package...

Страница 178: ...uration on a client appliance do the following 1 On a connected PC open a browser and log onto the MCN appliance Management Web Interface Enter the Management IP Address for the MCN in the browser address field This displays the Management Web Interface Dashboard page for the MCN appliance 2 Select the Configuration tab 3 In the navigation pane on the left select Virtual WAN and then select Change M...

Страница 179: ...ing the download location on the local PC displays 5 Select the download location and click OK 6 Optional After the download completes log out of the MCN Management Web Interface 7 Open a browser and enter the IP Address for the client to which you want to upload the Appliance Package Zip file Note Please ignore any browser certificate warnings for the CloudBridge ManagementWeb Interface This opens ...

Страница 180: ...oldenrod AuditAlerticon with a status message indicating thatthe Virtual WANService is currently inactive or disabled You can ignore this alert for now The alertwill remain on the Dashboard page until you manually startthe service after completing the installation 9 Select the Configuration tab 10 Open the System Maintenance branch in the navigation tree left pane and select Local Change Management...

Страница 181: ...t to upload to the client 12 Navigate to the SD WAN Appliance Package Zip file you just downloaded from the MCN select it and click OK 13 Click Upload The upload process takes a few seconds to complete When completed a status message displays left middle of page stating Upload complete 14 Click Next This uploads the specified software package and displays the Local Change Management Activation page ...

Страница 182: ...is displays a dialog box prompting you to confirm the activation operation 16 Click OK This activates the newly installed package and if this is not an initial deployment starts the Virtual WAN Service on the client appliance This process takes several seconds during which a progress status message displays ...

Страница 183: ...turn to the Management Web Interface Dashboard page If this is not an initial deployment this page should now display updated information for the currently active version of the software package the OS partition and the status of the CloudBridge Virtual Path If this is an initial installation there will be a goldenrod Audit Alert icon along with a status message indicating that the Virtual WAN Ser...

Страница 184: ...rix com The below figure shows a sample client Dashboard page displaying the alert icon and status message The final step to complete an initial SD WAN deployment is to enable the Virtual WAN Service Instructions are provided in the section Enabling the Virtual WAN Service ...

Страница 185: ...rst export the completed configuration package from the Configuration Editor to the global Change Management staging inbox on the MCN Instructions are provided in the section Exporting the Configuration Package to Change Management 2 Generate and stage the Appliance Packages After you have added the new configuration package to the Change Management inbox you can generate and stage the Appliance Packa...

Страница 186: ...Before you can generate the Appliance Packages you must first export the completed configuration package to the Management Web Interface Change Management system To export the configuration package to Change Management do the following 1 In the Configuration Editor page click Export at the top of the page This opens the Export Configuration dialog box ...

Страница 187: ...he success message to go directly to the Change Preparation Upload and Verify Files page second page of the Change Management wizard You will need to navigate to this page to perform the nextstep in the configuration process However the success message displays for only a few seconds after which you mustuse the navigation tree to open the wizard and then step through to this page Instructions are p...

Страница 188: ...enerated for each appliance model in your network Note If you have notalready downloaded the required SD WANsoftware packages to a PC connected to your network you will need to do so now For information on acquiring and downloading the software see the section Acquiring the SD WANSoftware Packages To upload and install the package and configuration to the MCN do the following 1 Log into the Managem...

Страница 189: ...9 2017 Citrix Systems Inc All rights reserved p 189 https docs citrix com 4 Click Begin This displays the Change Preparation page for uploading and verifying the specified configuration and software package s ...

Страница 190: ...kages For each SD WAN software package you want to deploy do the following a Click Choose File next to the Upload Item field This opens a file browser for selecting a SD WAN software package to upload b Select a SD WAN software package and click OK Navigate to the SD WAN software packages you downloaded earlier to the local PC and select the package to upload c Click Upload d Repeat steps a through ...

Страница 191: ...7 Citrix Systems Inc All rights reserved p 191 https docs citrix com 8 Click OK This dismisses the Verification page and proceeds to the License page 9 Select I accept the End User License Agreement and click OK ...

Страница 192: ...ed to update this configuration after ithas been deployed and Virtual Path communication is in effect you can skip this step In such a case the configuration will be automatically distributed from the MCNto all active remote clients by means of the existing Virtual Path 11 Click Stage Appliances This initiates the following actions Transfers the selected software package and configuration to the MCN ...

Страница 193: ...te Appliance Packages to the deployed clientnodes and initiates staging on those nodes However if you are adding new clientnodes to an existing Virtual WAN deployment you still mustmanually upload stage and activate the appropriate Appliance Package on each new client as outlined in the remaining steps in this manual A goldenrod Transfer Progress status bar displays as the transfer proceeds When t...

Страница 194: ...n initial configuration or you are updating or replacing an existing configuration as follows If you are updating or changing the configuration on an existing deployment To complete the activation do the following a Click OK If this is not an initial configuration this activates the new configuration and the appropriate Appliance Package on the MCN appliance The appropriate Appliance Package is then di...

Страница 195: ...oard page where you can view the activation results c Proceed to one of the following If you are not adding any new nodes to your SD WAN this completes the preparation distribution and activation of the new Appliance Packages in your SD WAN You can proceed directly to Enabling the Virtual WAN Service If you want to add new client nodes to your SD WAN please proceed to Connecting the Client Applian...

Страница 196: ...K This displays a dialog box prompting you to confirm the copy operation b Click OK This copies the package to the local Appliance Staging area and displays a progress status message After a few seconds the copy operation completes and the Local Change Management Activation screen displays ...

Страница 197: ...avigation pane thatyou are still located within the global Change Management wizard even though you are activating the configuration package on the local MCNappliance c Click Activate Staged This displays a dialog box asking you to confirm the activation operation d Click OK This initiates activation of the staged configuration package This process takes several seconds during which a progress status...

Страница 198: ...98 https docs citrix com When the activation completes a status message displays stating Activation complete and the Done button is enabled e Click Done This proceeds to the Management Web Interface Dashboard page where you can view the activation results ...

Страница 199: ...nrod delta and a status message stating that the Virtual WAN Service is currently disabled You can ignore this Audit Alert for now This alert will be resolved when you complete the final step enabling the Virtual WAN Service You have now completed the preparation of the SD WAN Appliance Packages on the MCN Proceed to Connecting the Client Appliances to Your Network ...

Страница 200: ...ant to add to your SD WAN you will need to do the following Note Instructions for each of these tasks are provided in Setting up the SD WANAppliances a Set up the SD WAN Appliance hardware and any SD WAN VPX Virtual Appliances SD WAN VPX SE you will be deploying b Set the Management IP Address for the appliance and verify the connection c Set the date and time on the appliance d Upload and install...

Страница 201: ...2 Set the Management IP Address for the appliance and verify the connection 3 Set the date and time on the appliance 4 Set the console session Timeout threshold to a high or the maximum value Warning If your console session times outor you log outof the ManagementWeb Interface before saving your configuration any unsaved configuration changes will be lost You mustthen log back into the system and re...

Страница 202: ...nnect the appliance to a PC in preparation for completing the next procedure setting the Management IP Address for the appliance Note Before you connectthe appliance make sure the Ethernetportis enabled on the PC Use an Ethernetcable to connectthe SD WAN Appliance ManagementPortto the defaultEthernetporton a personal computer NetScaler SD WAN 400 SE Management Port The NetScaler SD WAN 400 SE Mana...

Страница 203: ...ler SD WAN 4000 SE Management Port The NetScaler SD WAN 4000 SE Management Port is the bottom left port labeled 0 1 on the front of the chassis The default IP Address for the Management Port is 192 168 100 1 The below figure shows the location of the NetScaler SD WAN 4000 SE Management Port NetScaler SD WAN 5100 SE Management Port The NetScaler SD WAN 5100 SE Management Port is the bottom left port...

Страница 204: ... a Virtual Machine so there is no physical Management Port However if you did not configure the Management IP Address for the SD WAN VPX SE when you created the VPX Virtual Machine you will need to do so now as outlined in the section Configuring the Management IP Address for the SD WAN VPX SE Also see the section Setting the Management IP Addresses for the Appliances ...

Страница 205: ...ere you can set the Management IP Address for that appliance The Management IP Address must be unique for each appliance The procedures are different for setting the Management IP Address for a hardware SD WAN Appliance and a VPX Virtual Appliance NetScaler SD WAN VPX SE For instructions for configuring the address for each type of appliance see the following SD WAN VPX Virtual Appliance See the se...

Страница 206: ...are using to connectto the appliance 2 Record the current Ethernet port settings for the PC you will be using to set the appliance Management IP Address You will need to change the Ethernet port settings on the PC before you can set the appliance Management IP Address Be sure to record the original settings so you can restore them after configuring the Management IP Address 3 Change the IP Address ...

Страница 207: ...ance as shown in the below figure 6 Enter the Administrator user name and password and click Login Default Administrator user name admin Default Administrator password password Note Itis strongly recommended thatyou change the defaultpassword as soon as possible Be sure to record the password in a secure location as password recovery mightrequire a configuration reset After you have logged into the ...

Страница 208: ... and completed the configuration and deployment process for the appliance Below figure shows a sample Dashboard after the Virtual WAN has been fully configured and deployed 7 In the main menu bar select the Configuration section tab This displays the Configuration navigation tree in the left pane of the screen The Configuration navigation tree contains the following three primary branches Appliance Sett...

Страница 209: ...reserved p 209 https docs citrix com 8 In the Appliance Settings branch of the navigation tree select Network Adaptors This displays the Network Adaptors settings page with the IP Address tab preselected by default as shown in the below figure ...

Страница 210: ...ess Note The ManagementIP Address mustbe unique for each appliance 10 Click Change Settings A confirmation dialog box displays prompting you to verify that you want to change these settings 11 Click OK 12 Change the network interface settings on your PC back to the original settings Note Changing the IP Address for your PC automatically closes the connection to the appliance and terminates your log...

Страница 211: ...work 14 Test the connection On a PC connected to your network open a browser and enter the Management IP Address you just configured for the appliance If the connection is successful this displays the Login screen for the NetScaler SD WAN Management Web Interface on the appliance you just configured Tip After verifying the connection do notlog outof the ManagementWeb Interface You will be using itto...

Страница 212: ...etwork To set the date and time do the following 1 Log into the Management Web Interface on the appliance you are configuring 2 In the main menu bar select the Configuration tab This displays the Configuration navigation tree in the left pane of the screen 3 Open the System Maintenance branch in the navigation tree 4 Under the System Maintenance branch select Date Time Settings This displays the D...

Страница 213: ...th day and year from the Date field drop down menus 9 Select the hour minutes and seconds from the Time field drop down menus 10 Click Change Date Note This updates the date and time setting butdoes notdisplay a success Alerticon or status message The next step is to set the console session Timeout threshold to the maximum value This step is optional but strongly recommended This prevents the sessio...

Страница 214: ... that you set the console session Timeout interval to a high value when creating or modifying a configuration package or performing other complex tasks The default is 60 minutes the maximum is 9999 minutes For security reasons you should then reset it to a lower threshold after completing those tasks To reset the console session Timeout interval do the following 1 Select the Configuration tab and th...

Страница 215: ... usually much too brief for an initial configuration session Note For security reasons be sure to resetthis value to a lower interval after completing the configuration and deployment 4 Click Change Timeout This resets the session Timeout interval and displays a success message when the operation completes After a brief interval a few seconds the session is terminated and you are automatically logge...

Страница 216: ...ems Inc All rights reserved p 216 https docs citrix com 5 Enter the Administrator user name admin and password password and click Login The next step is to upload and install the SD WAN software license file on the appliance ...

Страница 217: ...ocedures In general it is recommended that you complete the licensing procedure now as it will simplify both tasks For each appliance you want to add to your network do the following 1 If you have not already done so download the license file to the PC you will be using to log into to the appliance For information about obtaining licenses see the section Licensing 2 Log into the Management Web Inte...

Страница 218: ... 1999 2017 Citrix Systems Inc All rights reserved p 218 https docs citrix com 4 In the Appliance Settings branch select Licensing This displays the Licensing page 5 Click Choose File ...

Страница 219: ...7 Click Apply Settings When the operation completes the Licensing page refreshes and the new license information displays in the License Status section You have now completed the process of setting up the appliance Repeat these steps for each appliance you want to add to your SD WAN Note If you have notalready downloaded the NetScaler SD WANsoftware packages to a PC connected to your network pleas...

Страница 220: ...le is disconnected DHCP service is down for the connected network Expected behavior Appliances with DHCP service enabled will retry DHCP request every 300 seconds default value The actual interval is approximately 7 minutes Therefore appliances with DHCP service enabled will acquire DHCP addresses within 7 minutes after DHCP server s become available The delay ranges from 0 to 7 minutes Assigned D...

Страница 221: ...tps docs citrix com and CLI It is updated after the reboot process is completed Recommendation Always assign permanent lease for DHCP addresses assigned to SD WAN appliances physical virtual This will allow appliances to have predictable management IP address ...

Страница 222: ...ration Dec 14 2016 The following topics provide information about how to configure Virtual path service between MCN and branch sites and enabling WAN optimization Configuring Virtual WAN service Configuring virtual path between MCN and branch sites Enabling and configuring WAN optimization ...

Страница 223: ... distribution are also secure Authentication between sites functions by means of the Virtual WAN Configuration The network configuration has a secret key for each site For each Virtual Path the network configuration generates a key by combining the secret keys from the sites at each end of the Virtual Path The initial key exchange that occurs after a Virtual Path is first set up is dependent upon the ...

Страница 224: ... the Virtual WAN Service is enabled a status message to that effect displays in the top section of the page Note This page also presents options for enabling disabling specific paths and Virtual Paths in your network as well as an option to purge all flows This completes the installation and activation of the SD WAN on the MCN and branch site client appliances You can now ...

Страница 225: ... 1999 2017 Citrix Systems Inc All rights reserved p 225 https docs citrix com use the Monitoring pages to verify the activation and diagnose any existing or potential configuration issues ...

Страница 226: ...onfiguration tree of the Configuration Editor To configure the Virtual Path Service between the MCN and a client site do the following 1 Continuing in the Configuration Editor click the Connections section heading This reveals the Connections section configuration tree 2 Click to the left of the MCN site name in the Connections section tree This opens the MCN site branch in the Connections configuration...

Страница 227: ...shold is reached Dynamic Virtual Paths are not required for normal operation so configuring this section is optional MCN_Site_Name _ Client_Site_Name The system initially automatically adds a static Virtual Path between the MCN and a client site as this Virtual Path is required The name for the path uses the following form MCN_Site_Name _ Client_Site_Name Where MCN_Site_Name is the name of the MCN ...

Страница 228: ...e of a remote site As for the Local Site section you can also view customize and add Class or Rules as required for this specific Virtual Path You can also add Virtual Paths to the remote site as needed Paths This section provides settings and forms for configuring the Virtual Paths and Virtual Path Service between the MCN and the client site The below figure shows an example MCN static Virtual Path ...

Страница 229: ...abel This displays the Add Path dialog box configuration form 7 Specify the source and destination site information for the new Virtual Path Specify the following from the available drop down menus Note Depending on how the WANlinks are configured for the sites some fields will be read only Fields thatare configurable provide a ...

Страница 230: ...ion site for the Virtual Path To WAN Link This is the destination WAN link for the Virtual Path 8 Click Add This adds the configured Virtual Path to both the MCN and the associated client site in the Connections tree This also automatically opens the Paths settings configuration form for the From Site for the Virtual Path in this case the MCN 9 Click Edit pencil icon to the right of the MCN to clien...

Страница 231: ...he loss of bandwidth is intolerable Custom Select Custom to specify the percentage of loss over time required to mark a path as BAD Selecting this option reveals the following additional settings Percent Loss This specifies the percentage of loss threshold before a path is marked BAD as measured over the specified time By default the percentage is based on the last 200 packets received Over Time m...

Страница 232: ... and configuring all of the Virtual Paths to and from the MCN click the minus sign to the left of the MCN branch label to close the branch Next you have the option of customizing the Virtual Paths configurations for the client sites as well as adding and configuring additional paths between clients Instructions are provided in the remaining steps below 14 Click to the left of the client site branch l...

Страница 233: ... Path you want to configure d Click to the left Paths The below figures shows an example Paths settings form for the new From Site path added in the previous steps 16 Configure the settings for each path you want to customize Follow the same steps as you did to configure the Virtual Paths for the MCN site 17 Optional Click the minus sign to the left of the client site branch label This closes the confi...

Страница 234: ...e you can proceed to the appropriate step indicated below The next step depends on the SD WAN Edition license you have activated for your deployment as follows SD WAN Enterprise Edition The Enterprise Edition includes the full set of WAN Optimization features If you want to configure WAN Optimization for your sites please proceed to the Enabling and Configuring WAN Optimization topic Otherwise you c...

Страница 235: ...ible for WAN Optimization The Defaults configuration comes pre configured and can be customized Note For instructions see Enabling Optimization and Configuring DefaultSettings 2 Optional Customize the WAN Optimization configuration for each of the individual branch sites or accept the Defaults sets and settings for each By default the Defaults configuration is initially applied to each branch site that...

Страница 236: ...ee Each branch in the tree contains the following child branches which in turn contain one or more forms for configuring their respective sets and settings Defaults Features Defaults Tuning Settings Defaults Application Classifiers set Defaults Service Classes set The below figure shows a simple example of the top and second levels of the Optimization section configuration tree In this example the bra...

Страница 237: ...n the new configuration package and configure the Defaults sets and settings The Optimization section Defaults sets and settings are categorized as follows Defaults Features Defaults Tuning Settings Defaults Application Classifiers set Defaults Service Classes set The following sections provide instructions for enabling WAN Optimization and configuring each of these Defaults sets and settings ...

Страница 238: ...Virtual WAN configuration and then generate stage and activate the Virtual WAN Appliance Packages on the eligible sites in your deployment as outlined in the subsequent chapters of this guide To enable WAN Optimization and configure the Defaults section Features settings do the following 1 If necessary log back into the Management Web Interface and open the Configuration Editor To open the Configurati...

Страница 239: ...atures For details and instructions see the following sections The SD WAN Editions Licensing Uploading and Installing the Virtual WAN Software License File 3 Click the Optimization section heading This opens the Configuration Editor Optimization section tree The Optimization section tree contains a branch for the Defaults settings and a branch for each eligible client node branch site in the curren...

Страница 240: ...t of the Features branch label This opens the default Features configuration form 6 Click Edit pencil icon to the right of the Features branch label to enable editing of the form 7 Select the WAN Optimization checkbox The WAN Optimization checkbox is in the upper left corner of the WAN Optimization Features section at the top of the form Select the checkbox to select WAN Optimization for enabling T...

Страница 241: ...completed the entire Virtual WANconfiguration and then generated staged distributed and activated the Virtual WANAppliance Packages on the eligible sites in your Virtual WAN The below figure shows the Defaults section Features configuration form with WAN Optimization enabled and the Apply and Revert buttons revealed 8 Configure the Features settings Click a checkbox to select or deselect an option You...

Страница 242: ...ect this to enable cross protocol optimization of Microsoft Outlook MAPI traffic SSL Optimization Select this to enable optimization for traffic streams with SSL encryption RPC Over HTTP Select this to enable optimization of Microsoft Exchange traffic that uses RPC over HTTP User Data Store Encryption Select this to enable enhanced security of data through the encryption of WAN Optimization compressi...

Страница 243: ...on Editor click to the left of the Tuning Settings branch label This opens the Defaults section Tuning Settings configuration form 2 Click Edit pencil icon to enable editing of the form 3 Select and configure the Tuning Settings The Tuning Settings options are as follows Maximum MSS Enter the maximum size in bytes for the Maximum Segment Size MSS for a TCP segment Default MSS Enter the default size ...

Страница 244: ...conds to specify the amount of idle time permitted before an idle connection is terminated You must first select Enable Connection Timeout before this field can be configured 4 Click Apply This applies the modified Tuning Settings to the Defaults configuration The next step is to configure the default set of WAN Optimization Application Classifiers ...

Страница 245: ...gure the default set of WAN Optimization Application Classifiers do the following 1 Open the Application Classifiers table Continuing in the Defaults branch of the Optimization section of the Configuration Editor click next to the Application Classifiers branch This opens the Application Classifiers table displaying the default set of Application Classifiers ...

Страница 246: ...sifier settings you configure are automatically applied as the defaults to any branch site included in the Optimization section tree Note You can also customize the Application Classifiers setand settings for each specific branch site For instructions see the section Configuring Optimization for a Branch Site 2 To configure an existing Application Classifier click Edit pencil icon in the Edit column of t...

Страница 247: ...rom the list Select it in the Configured list on the right and then click the Remove left arrow To remove all of the Application Groups from the list at once click the Remove All double left arrow 5 Click Apply This applies your changes to the Application Classifier and dismisses the Edit configuration form 6 Optional Customize the default Application Classifiers set You can add or delete Application ...

Страница 248: ...row to add the group to the Configured list on the right To add all of the Application Groups to the list at once click the Add All double right arrow To remove an Application Group from the list Select it in the Configured list on the right and then click the Remove left arrow To remove all of the Application Groups from the list at once click the Remove All double left arrow d Click Apply This add...

Страница 249: ...ection of the Configuration Editor click to the left of the Service Classes branch label This opens the Service Classes table displaying the default set of Service Classes This table is also a configuration form You can use this form to configure edit delete and add Service Classes to create a customized default set The modified default Service Classes set and individual Service Class settings you con...

Страница 250: ... policy from the Acceleration Policy drop down menu The options are disk Select this policy to specify the appliance disk as the location for storing the traffic history used for compression This enables Disk Based Compression DBC policy for this Service Class Generally speaking a policy of disk is usually the best choice as the appliance automatically selects disk or memory as the storage location...

Страница 251: ... CloudBridge 7 4 Product documentation available on the citrix documentation portal http docs citrix com Note To view WANOptimization AppFlow reports selectthe Monitoring tab and then in the navigation tree leftpane open the WAN Optimization branch and selectAppFlow See also Monitoring Your SD WANVirtual WAN Exclude from the SSL Tunnel Select this to exclude traffic associated with the Service Clas...

Страница 252: ... Add All double right arrow To remove an Application from the list Select it in the Configured list on the right and then click the Remove left arrow To remove all of the Applications from the list at once click the Remove All double left arrow d Scroll down to reveal the truncated portion of the form The Filter Rules settings section is somewhat long so you will need to use the scroll bars to reve...

Страница 253: ...r to include or exclude the Destination IP Address for this Filter Rule Select the Exclude checkbox to exclude the specified Destination IP Address from this Filter Rule Deselect the checkbox to include the address k Click Apply This applies your modifications to the rule and hides the Filter Rules settings section 5 Optional Customize the default Service Classes set You can add or delete Service Cl...

Страница 254: ... this section 3 Configure the basic settings for the Service Class 4 Configure the Filter Rules for the Service Class d Click Add to add the new Service Class to the default set and dismiss the Add configuration form 6 Optional recommended Save the configuration package For instructions on saving and loading a configuration package see Naming Saving and Backing Up the MCN Site Configuration You have now...

Страница 255: ...the following 1 If you have not done so open the Optimization section in the Configuration Editor Click the Optimization section heading to open that section The Optimization section tree contains a branch for the Defaults settings and a branch for each eligible client site in the current configuration Optimization is supported for CB 1000 VW and CB 2000 VW clients only Consequently the appliance fo...

Страница 256: ...onfiguration category and opens it for editing The below image shows an example top level settings configuration form in this case for the Features set 6 Enter your configuration changes From this point on the configuration process for each branch site Optimization category is the same as for the corresponding Defaults section category For instructions on configuring a particular category of sets or se...

Страница 257: ...tion Classifiers Configuring Optimization Default Service Classes 7 Optional recommended Save the configuration package For instructions on saving and loading a configuration package see Naming Saving and Backing Up the MCN Site Configuration You have now completed configuring the Optimization section sets and settings for your Virtual WAN The next step is to prepare the Virtual WAN Appliance Packages f...

Страница 258: ...e appliance has been running since the last reboot Service Uptime This specifies the duration for which the Virtual WAN Service has been running since the last restart Virtual Path Service Status Virtual Path site name This displays the current status of all the Virtual Paths associated with this appliance If the Virtual WAN Service is enabled this section is included on the page If the Virtual WAN...

Страница 259: ... 1999 2017 Citrix Systems Inc All rights reserved p 259 https docs citrix com The below figure shows a sample Dashboard page and information for a client appliance ...

Страница 260: ...igation tree in the left pane By default this also displays the Statistics page with Paths preselected in the Show field This contains a detailed table of path statistics Note If you navigate to another Monitoring page for example Flows you can return to this page by selecting Statistics in the Monitoring navigation tree leftpane 3 Open the Show drop down menu next to the Show field In addition to t...

Страница 261: ... 1999 2017 Citrix Systems Inc All rights reserved p 261 https docs citrix com 4 Select a filter from the Show menu to view a table of statistical information for that topic ...

Страница 262: ...th LAN to WAN preselected in the Flow Type field 3 Select the Flow Type The Flow Type field is located in the Select Flows section at the top of the Flows page Next to the Flow Type field is a row of checkbox options for selecting the flow information you want to view You can check one or more boxes to filter the information to be displayed 4 Select the Max Flows to Display from the drop down menu next...

Страница 263: ...oggle Columns The Toggle Columns button is just above the top right corner of the Flows table This reveals any deselected columns and opens a checkbox above each column for selecting or deselecting that column Deselected columns display greyed out as shown in the below figure Note By default all of the columns are selected which can cause the table to be truncated in the display obscuring the Toggl...

Страница 264: ...s reserved p 264 https docs citrix com b Click a checkbox to select or deselect a column c Click Apply above the top right corner of the table This dismisses the selection options and refreshes the table to include only the selected columns ...

Страница 265: ...ew reports for the Virtual WAN use the Virtual WANCenter Web Interface To generate and view CloudBridge Virtual WAN reports do the following 1 Log onto the Management Web Interface for the MCN and select the Monitoring tab This opens the Monitoring navigation tree in the left pane 2 Select a report type from the navigation tree The report types are listed as branches in the navigation tree just be...

Страница 266: ...99 2017 Citrix Systems Inc All rights reserved p 266 https docs citrix com In addition to the various types of reports for each report type there are numerous options and filters for refining report results ...

Страница 267: ... by NetScaler SD WAN These articles contain information about some of the following important features Click a feature name in the table below to view the list of how to articles for that feature Virtual Routing and Forwarding Enabling RED for QoS Fairness Deployment Dynamic Routing DHCP Client and Server Management Route Filters IPsec Termination and Monitoring Secure Web Gateway Configuration ...

Страница 268: ...table and enables the support for overlapping IP subnets NetScaler SD WAN appliances implement OSPF and BGP routing protocols for the routing domains to control and segment network traffic Following are the list of points to condiser when configuring the VRF functionality By default routing domains are enabled on an MCN Routing domains have to be enabled on the Branche sites Each enabled routing dom...

Страница 269: ... Routing Domains click Add and enter a Name for your new Routing Domain 2 If you want to default to this Routing Domain click the Default checkbox Click Apply to save the changes If you plan to implement a single Routing Domain no explicit configuration is required All new configurations are automatically populated with a default Routing Domain 3 Navigate to Sites Client Site Name Routing Domains Cl...

Страница 270: ... 1999 2017 Citrix Systems Inc All rights reserved p 270 https docs citrix com ...

Страница 271: ...ditor navigate to Connections Site Name Routes 2 Choose a Routing Domain from the drop down menu New Routes are automatically associated with the default Routing Domain For detailed instructions see configuring routes 3 After you configure routes validate the route tables for the configured routing domain by navigating to Configuration Virtual WAN View Routes ...

Страница 272: ...elect Routing Domain for Intranet Service Oct 04 2016 To select routing domain for intranet service 1 In the Configuration Editor navigate to Connections Site Name Intranet Services Intranet Service Name Basic Settings click the Edit icon 2 Choose a Routing Domain from the drop down menu ...

Страница 273: ...he Configuration Editor navigate to Sites Client Site Name Interface Groups choose a Routing Domain from the drop down menu when configuring Virtual Interfaces For detailed instructions see configuring interface groups Note After Virtual Interfaces are associated with a specific Routing Domain only those interfaces will be available when using thatRouting Domain ...

Страница 274: ...IP Addresses 1 In the Configuration Editor navigate to Sites Client Site Name Virtual IP Addresses 2 Choose a Routing Domain from the dropdown menu when configuring Virtual IP Addresses For detailed instructions see configuring Virtual IP addresses The Routing Domain you choose determines which Virtual Interfaces are available from the drop down menu ...

Страница 275: ...o configure Virtual IP Address identity 1 In the Configuration Editor navigate to Sites Site Name Virtual IP Addresses 2 Click the Identity checkbox for a Virtual IP Address to use it for IP services For example Identity is used as the Source IP Address to communicate with BGP neighbors For more information click the help icon in the GUI ...

Страница 276: ... Source IP This field can be empty if this address is the same as Source IP 5 Enter the Destination IP address of the GRE Tunnel 6 Enter the Tunnel IP Prefix address of the GRE Tunnel 7 Click Checksum if you want to use checksum in the GRE Tunnel Header 8 Enter a value for the Keepalive Period in seconds If you configure 0 no keepalive packet are transmitted but the GRE Tunnel will be active 9 Enter ...

Страница 277: ...ace Dec 14 2016 To configure Access Interface 1 In the Configuration Editor navigate to Sites Client Site Name WAN Links WAN Link Name Access Interfaces 2 Choose a Routing Domain from the drop down menu when configuring an Access Interface For detailed instructions see configuring WAN links and Access Interfaces ...

Страница 278: ...iated with Realtime Interactive and Bulk class types Each type can be configured further to optimize quality of service for its type of traffic Classes 4 9 can be used to specify user defined classes Classes are of one of the following three types Realtime Used for low latency low bandwidth time sensitive traffic Real time applications are time sensitive but don t really need high bandwidth for examp...

Страница 279: ...e queue after the initial period When in contention the scheduler ensures that the realtime class receives the Initial Rate and the Sustained Rate that you specify plus a small percentage of the available bandwidth that is shared with interactive and bulk classes 6 For interactive classes you can specify the following attributes Initial Period The time period in milliseconds during which to apply ...

Страница 280: ...termines the remaining virtual path bandwidth to be used for a bulk class Bulk traffic is serviced after real time and interactive traffic are serviced Typically a bulk class gets a lower sustained share than an interactive class 8 Click Apply Note Save the configuration exportitto the change managementinbox and initiate the change managementprocess ...

Страница 281: ...opinion score MOS is a numerical measure of the quality of the experience that an application delivers to end users It is primarily used for VoIP applications In SD WAN MOS is also used to assess the quality of non VoIP applications by judging the traffic as if it were a VoIP call SD WAN Center calculates and displays the MOS for existing traffic that passes through the virtual path For more informa...

Страница 282: ...imate MOS 5 Click Apply Note You can also enable MOS estimation for the defaultapplications by clicking the pencil icon and selecting Estimate MOS Note Enable the Track Performance option under Rules to estimate MOS for applications and display itin SD WANCenter For more information aboutrules see How to Create Rules ...

Страница 283: ...her For viewing rule groups navigate to Monitoring Statistics and in the Show field select Rule Groups You can also add custom applications For more information see How to add Custom Applications and Enable MOS 4 In the Routing Domain field choose one of the configured routing domains 5 You can define rule matching criteria to filter services on the basis of the parameters listed below After the filteri...

Страница 284: ...for the flow is duplicated across multiple paths increasing reliability Override Service Traffic for the flow will override to a different service In the Override Service field select the service type to which the service will override For example a virtual path service could override to an intranet internet or pass through service Retransmit Lost Packets Send traffic that matches this rule to the remo...

Страница 285: ... smaller than or equal to this size are assigned the Drop Limit and Drop Depth values specified in the fields to the right of the Class field Packets larger than this size are assigned the values specified in the default Drop Limit and Drop Depth fields in the Large Packets section of the screen Drop Limit Length of time after which packets waiting in the class scheduler are dropped Not applicable for ...

Страница 286: ...ength specified in the Reassign Size field Disable Limit Time for which duplication can be disabled to prevent duplicate packets from consuming bandwidth Disable Depth The queue depth of the class scheduler at which point the duplicate packets will not be generated TCP Standalone ACK class High priority class to which TCP standalone acknowledgements are mapped during large file transfers 10 Click the...

Страница 287: ...LAN DSCP Tag DSCP tag applied to the packets that match this rule before sending them to the LAN 11 Click Deep Packet Inspection tile and select Enable Passive FT P Detection to allow the rule to detect the port used for FTP data transfer and automatically apply the rule settings to the detected port 12 Click Apply Note Save the configuration exportitto the change managementinbox and initiate the c...

Страница 288: ...arios implemented by using NetScaler SD WAN appliances Deploying SD WAN in Gateway Mode Deploying SD WAN in PBR mode Virtual Inline Mode Dynamic Paths for Branch to Branch Communication Static WAN Paths Building an SD WAN Network Routing for LAN Segementation Utilizing Enterprise Edition Appliance to Provide WAN Optimization Services Only ...

Страница 289: ...configuration Gateway mode places the SD WAN appliance physically in the path two arm deployment and requires changes in the existing network infrastructure to make the SD WAN appliance the default gateway for the entire LAN network for that site Note An SD WANdeployed in Gateway mode acts as a Layer 3 device and cannotperform fail to wire All interfaces involved will be configured for Fail to block...

Страница 290: ...If any If any Model Edition 4000 2000 Mode Gateway Inline Topology 2 x WANPath 2 x WANPath VIP Address 192 168 10 9 24 MPLS 10 0 10 9 24 Internet Public IP A B C D 192 168 30 1 24 LAN 192 168 20 9 24 MPLS 10 0 20 9 24 Internet Public IP W X Y Z Gateway MPLS 192 168 10 1 192 168 20 1 Gateway Internet 10 0 10 1 10 0 20 1 Link Speed MPLS 100 Mbps Internet 20 Mbps MPLS 10 Mbps Internet 2 Mbps Route Ne...

Страница 291: ...one active MCNin a SD WANnetwork 2 Start Configuration by navigating to Configuration Virtual WAN Configuration Editor Click the New to begin configuration Following are the high level configuration steps to configure Datacenter site Gateway deployment 1 Create a new DC site 2 Populate Interface Groups based on connected Ethernet interfaces 3 Create Virtual IP address for each virtual interface 4 Popula...

Страница 292: ...this example three Interfaces Groups are created one facing the LAN and two others facing each respective WAN Link Refer to the sample DC Gateway Mode topology above and populate the Interface Groups fields as shown below 1 Create a VIP on the appropriate subnet for each WAN Link VIPs are used for communication between two SD WAN appliances in the Virtual WAN environment 2 Create a Virtual IP Addr...

Страница 293: ...ess Interf aces click the button to add interface details specific for the Internet link 4 Populate Access Interface for IP and gateway addresses as shown below To create MPLS Link 1 Navigate to WAN Links click the button to add a WAN Link for the MPLS link 2 Populate MPLS link details as shown below 3 Navigate to Access Interf aces click the button to add interface detail specific for the MPLS li...

Страница 294: ... are the high level configuration steps to configure Branch site for Inline deployment 1 Create a new Branch site 2 Populate Interface Groups based on connected Ethernet interfaces 3 Create Virtual IP address for each virtual interface 4 Populate WAN links based on physical rate and not burst speeds using Internet and MPLS Links 5 Populate Routes if there are additional subnets in the LAN infrastruc...

Страница 295: ...erface Group is assigned two Ethernet interfaces 2 Bypass mode is set to f ail to wire and Bridge Pair is created using the two Ethernet interfaces 3 Refer to the sample Remote Site Inline Mode topology above and populate the Interface Groups fields as shown below 1 Create a Virtual IP address on the appropriate subnet for each WAN Link VIPs are used for communication between two SD WAN appliances...

Страница 296: ... IP address as shown below 3 Navigate to Access Interf aces click the button to add interface details specific for the Internet link 4 Populate Access Interface for IP address and gateway as shown below To create MPLS Link 1 Navigate to WAN Links click the button to add a WAN Link for the MPLS link 2 Populate MPLS link details as shown below 3 Navigate to Access Interfaces click the button to add ...

Страница 297: ...dentifying which gateway to direct traffic to in order to reach those backend subnets After completing configuration for DC and Branch sites you will be alerted to resolve audit error on both DC and BR sites By default the system will generate paths for WAN Links defined as access type Public Internet You would be required to use the auto path group function or enable paths manually for WAN Links wit...

Страница 298: ... rights reserved p 298 https docs citrix com for MPLS links can be enabled by clicking on the Add operator in the green rectangle After completing all the above steps proceed to Preparing the SD WAN Appliance Packages on the MCN topic ...

Страница 299: ... at the core switch or further upstream at the router The router must monitor the health of the SD WAN SE appliance so that the appliance can be bypassed if it fails NetScaler SD WAN SE needs to be configured to pass traffic to the proper gateway Traffic intended for the Virtual Path is directed towards the SD WAN SE and then encapsulated and directed to the appropriate WAN link Accurate network diag...

Страница 300: ...10 24 Internet VLAN20 Public IP w x y z 10 17 0 9 24 MPLS 10 18 0 9 24 Internet Public IP a b c d Gateway MPLS 10 20 0 1 10 17 0 1 Gateway Internet 10 19 0 1 10 18 0 1 Link Speed MPLS 100 Mbps Internet 20 Mbps MPLS 10 Mbps Internet 2 Mbps Route Need to add a route on the SD WANSE Appliance to reach the LANSubnets 10 10 11 0 24 10 10 12 0 24 10 10 13 0 24 etc through any of the physical interfaces ...

Страница 301: ...e active MCNin a SD WANnetwork 2 Start Configuration by navigating to Configuration Virtual WAN Configuration Editor Click the New to begin configuration Following are the high level configuration steps to configure Datacenter site in PBR deployment mode 1 Create a new DC site 2 Configure Interface Groups based on connected Ethernet interfaces 3 Configure Virtual IP address for each virtual interface 4 Po...

Страница 302: ...Ethernet physical interface is used per virtual interface There are also no Bridge Pairs 3 In this example expand Virtual Interfaces option and configure the Virtual Interfaces for both MPLS and INTERNET links in this particular topology we have the following assignment Virtual Interface INTERNET configured on VLAN 20 Virtual Interface MPLS configured on VLAN 10 1 Create a Virtual IP Address on the ...

Страница 303: ... WAN appliance configured as MCN 3 Navigate to Access Interf aces click the button to add interface details specific for the Internet link 4 Populate Access Interface for IP and gateway addresses as shown below The Proxy ARP is not checked for less than two Ethernet interfaces To create MPLS Link 1 Navigate to WAN Links click the button to add a WAN Link for the MPLS link 2 Populate MPLS link deta...

Страница 304: ...y ARP is notchecked for less than two Ethernetinterfaces On the Data center site add a route on the SD WAN SEE appliance to reach the LAN Subnets 10 10 11 0 24 10 10 12 0 24 10 10 13 0 24 etc through any of the physical interfaces 0 1 0 1 192 168 1 1 on VLAN 10 0 1 0 2 192 168 2 1 on VLAN 20 ...

Страница 305: ... 1999 2017 Citrix Systems Inc All rights reserved p 305 https docs citrix com Following are the high level configuration steps to configure Branch site for Inline deployment ...

Страница 306: ...ture 1 In the Conf iguration Editor navigate to Sites Client Site Name Interf ace Groups Click to add interfaces intended to be used For Inline mode configuration four Ethernet interface are used interface pair 1 3 1 4 and interface pair 1 1 and 1 2 2 Bypass mode is set to fail to wire since two Ethernet physical interfaces are used per virtual interface There are two bridge Pairs 3 Populate WAN l...

Страница 307: ... citrix com 1 Create a Virtual IP address on the appropriate subnet for each WAN Link VIPs are used for communication between two SD WAN appliances in the Virtual WAN environment To populate WAN links based on physical rate and not on burst speeds using Internet link ...

Страница 308: ...f aces click the button to add interface details specific for the Internet link 4 Populate Access Interface for Virtual IP address and gateway as shown below To create MPLS Link 1 Navigate to WAN Links click the button to add a WAN Link for the MPLS link 2 Populate MPLS link details as shown below 3 Navigate to Access Interf aces click the button to add interface details specific for the MPLS link...

Страница 309: ...uration In case there are additional subnets specific to this remote branch office then specific routes need to be added identifying which gateway to direct traffic to in order to reach those backend subnets After completing configuration for DC and Branch sites you will be alerted to resolve audit error on both DC and BR sites ...

Страница 310: ... 1999 2017 Citrix Systems Inc All rights reserved p 310 https docs citrix com ...

Страница 311: ...t You would be required to use the auto path group function or enable paths manually for WAN Links with an access type of Private Internet Paths for MPLS links can be enabled by clicking on the Add operator in the green rectangle Create an Autopath Group 1 Click on the sign next to Autopath Groups 2 Configure the Autopath Group created as per requirement and click Apply ...

Страница 312: ...ath Group Optional 4 Map the Autopath Group to the Virtual Paths of Intranet WAN links at respective sites No two Autopath Groups can be marked as default If marked would lead to an Audit Error After mapping the Autopath Group to the Virtual Paths of Intranet WAN the paths should be automatically ...

Страница 313: ...All rights reserved p 313 https docs citrix com populated highlighted 1 Select the Virtual Paths under WAN Links for respective sites and no Autopath Group would be mapped 2 Click the sign next to Paths to add Virtual Paths manually ...

Страница 314: ...c All rights reserved p 314 https docs citrix com 3 Select the Virtual Paths WAN Links for each site After manually adding the virtual paths for WAN links with access type Private Intranet it gets populated under Paths highlighted ...

Страница 315: ... 1999 2017 Citrix Systems Inc All rights reserved p 315 https docs citrix com After completing all the above steps proceed to Preparing the SD WAN Appliance Packages on the MCN topic ...

Страница 316: ...a single Virtual Path allowing packets to traverse the WAN utilizing the SD WAN overlay network instead of the existing underlay which is least intelligent and cost inefficient Local subnet resides at this site advertised to SD WAN environment Virtual Path sent through Virtualized Path to the selected site appliance Intranet sites with no SD WAN appliance Internet internet bound traffic Pass through...

Страница 317: ... is created dynamically if that new path has better performance characteristics than the fixed path Session traffic is transmitted through the new path This results in efficient usage of resources Paths exist only when they are needed and reduce the amount of traffic getting transmitted to and from the datacenter Additional benefits of SD WAN network include Bandwidth and PPS thresholds to allow branch...

Страница 318: ...ured To enable dynamic virtual paths 1 In the NetScaler SD WAN GUI under the Connections pane create a WAN to WAN Forwarding Group 2 Navigate to Connections Client Site Name WAN to WAN Forwarding a Enable WAN to WAN Forwarding to enable the site to serve as a proxy for multi hop site to site b Enable Site as Intermediate Node 3 Navigate to Connections Remote Site WAN to WAN Forwarding a Enable WAN...

Страница 319: ...rved p 319 https docs citrix com Configuration determines when a Dynamic Virtual Path is active or down Configure sample packet count pps or bandwidth kbps within a timeframe Can be set Globally or with WAN Link configured at the Intermediate Node ...

Страница 320: ...e all routes are considered as MCN routes When WAN to WAN forwarding is not enabled on the MCN Branch to Branch communication issues are encountered in the customer network SD WAN appliances running in client mode are not aware of other branches subnets until WAN to WAN forwarding is enabled on MCN Once this option is enabled branch SD WAN nodes become aware of other branch subnets and all the tra...

Страница 321: ... and Forwarding VRF table that is maintained in the SD WAN Standard or Enterprise Edition appliance which keeps track of the remote IP address ranges accessible to a local LAN segment This VLAN to VLAN traffic would still traverse the WAN through the same pre established Virtual Path between the two appliances no new paths need to be created An example use case for this functionality is that a WAN ...

Страница 322: ...affic is not encapsulated and traverses over existing WAN link to reach the DC site A WANOP appliance at the DC site needs to be in the traffic path to provide end to end traffic optimization For customer sites that do not have SD WAN hardware appliance at the head end VPX appliances in a HA pair two Virtual WAN VPXs can be used as MCN in one arm mode For the one arm mode PBR rules on the third party...

Страница 323: ...mization appliance inline by the PBR Router Traffic flow for WAN to DC LAN CE Customer Edge Router PBR Router SD WAN PBR Router LAN CE Customer Edge Router PBR Router WAN OPT LAN The same traffic flow will be followed in the reverse direction 1 Configure the SD WAN Appliance at DC MCN to establish Virtual Paths between DC and Branch sites See http docs citrix com en us netscaler sd wan 9 1 configuration...

Страница 324: ... Branch site a Repeat sub steps a to c from step 2 above on the Branch site For example Enter 172 16 1 0 24 in the Network IP address field with cost 4 and select Service Type as Intranet 4 Perform Change Management to upload and distribute configuration to the Branch site See Exporting configuration package and change management By default the traffic is sent from Branch to DC through the Virtual Pat...

Страница 325: ... on attached interfaces metrics used and other variables are included in OSPF LSAs OSPF routers accumulate link state information which is used by the SPF algorithm to calculate the shortest path to each node You can now configure NetScaler SD WAN appliances Standard and Enterprise Editions to learn routes and advertise routes using OSPF Note NetScaler SD WANappliances do notparticipate as Designat...

Страница 326: ...umn will notappear If Identity is notchecked for a specific Virtual IP Address the associated Virtual Interface will notbe available for IP services For more information see the Virtual IP Address Identity section 7 Choose one of the available Virtual Interfaces from the Name drop down menu The Virtual Interface will determine the Source IP Address 8 Enter the Interf ace Cost 10 is the default 9 Ch...

Страница 327: ...r BGP IBGP BGP is a robust and scalable routing protocol deployed on the Internet To achieve scalability BGP uses many route parameters called attributes to define routing policies and maintain a stable routing environment BGP neighbors exchange full routing information when the TCP connection between neighbors is first established When changes to the routing table are detected the BGP routers send ...

Страница 328: ...he drop down menu The Virtual Interface will determine the Source IP Address 7 Enter the IP Address of the IBGP Neighbor router in the Neighbor IP field 8 In the Hold Time s field enter the Hold Time in seconds to wait before declaring a neighbor down the default is 180 9 In the Local Preference s field enter the Local Preference value in seconds which is used for selection from multiple BGP routes t...

Страница 329: ...WAN technology starts becoming more integral to Enterprise network deployments SD WAN appliances will replace the Routers SD WAN implements eBGP dynamic routing protocol to function as a dedicated routing device SD WAN appliance establishes nieghbourship with peer routers using eBGP towards WAN side and is able to learn advertise routes from and to peers You can select importing and exporting eBGP...

Страница 330: ...with non SD WAN site over eBGP Communication Between SD WAN sites Using Virtual Path and eBGP Implementing OSPF in one arm topology OSPF Type5 to Type1 deployment in MPLS Network SD WAN and non SD WAN third party appliance OSPF deployment Implementing OSPF using SD WAN network with high availaiblity setup ...

Страница 331: ... across the changing network In previous releases OSPF instance learned routes from SD WAN were treated as external routes with Type 5 LSA only These routes were advertised to its neighbor routers in Type 5 External LSA This resulted in SD WAN routes to be less preferred routes according to the OSPF path selection algorithm With the latest release SD WAN can now advertise routes as intra area rout...

Страница 332: ...ged configuration you should see the Route Type changes under Configuration Virtual WAN View Configuration Dynamic Routing As shown in the illustration above DC MCN is deployed in one arm topology When DC site is up one arm router forwards all traffic from local LAN to other sites such as the Branch s local LAN whose destination IP address is within same subnet to the SD WAN first then SD WAN appliance...

Страница 333: ...rds traffic to the ME DC Router and back from router to the MCN and this creates a loop continuously The static routes which are not PBR routes but the destination Host IP based routes will traverse towards the right link to be chosen from the DC side based on the path chosen and the encapsulation performed thereafter Therefore with these static routes configured the encapsulated packets with any de...

Страница 334: ...her on the ME BR1_Router so that DC SD WAN route is configured in the routing table of the ME DC_Router This also ensures that when the DC SD WAN appliance fails the alternate route to use ME BR1_Router as the next preferred gateway will ensure uninterrupted traffic flow Use ME DC_Router as a source f or advertising 172 58 8 0 24 network to both DC SD WAN and the ME BR1_Router With this route the DC ...

Страница 335: ...o route types under Export OSPF Route T ype Type 5 AS External Type 1 Intra Area 6 After activation of the changed config user should be able to see the Route Type changes under Configuration Virtual WAN View Configuration Route type should be displayed as Type 5 AS External To configure OSPF exported route weight under Export Filter settings 1 Configure Virtual Interfaces and WAN links on both DC and...

Страница 336: ...nk between R1 and R2 8 Send traffic between the end hosts on DC and Branch sites 9 Disable Virtual WAN Service on the DC site so that Virtual Paths go down 10 Send the traffic between the end hosts on DC and Branch sites Verif ying Conf iguration 1 Initially at step 4 all the traffic passes through SD WAN appliance 2 At step 6 when the link between R1 and R2 is broken traffic is routed towards SD ...

Страница 337: ... least costs 7 Bring the Active MCN down and observe the behavior 8 Bring the original Active MCN back Up 9 The Dashboard High Availability Status shows correctly for HA Local Appliance and Peer Appliance for Active and Standby 10 Under Conf iguration View Conf iguration Dynamic Routing OSPF is enabled and export_ospf _route_type shows T ype1 and export_ospf _route_weight as 50 11 Even after failo...

Страница 338: ...GP on the LAN side and eBGP on the WAN side 2 Multiple iBGP LAN Routers in a Linear Network Topology with Direct Peering and meshed with NetScaler SD WAN Limitations AS Path prepend Med and Community attributes are not supported Route filtering between OSPF and BGP during redistribution is not supported Either all or none of the routes learned from OSPF are advertised to BGP peers and vice versa R...

Страница 339: ...able and if the site with SD WAN appliance Site A loses internet connectivity then the site without SD WAN can communicate with Site A through another SD WAN appliance site Site B Site B funnels traffic from the site without SD WAN appliance to the Site A 2 Communication between SD WAN sites using Virtual Path and eBGP Provides underlay route learning to communicate with remote site local subnets w...

Страница 340: ... Data Center Branch and are advertised to a Non SD WAN network through eBGP 1 In the Conf iguration Editor navigate to Connections Site Name Route Learning 2 Expand Import Filters and Export Filters to view the existing route filters Import Filters are separate and distinct from Export Filters You can configure up to 32 Export Filters Note If there is only one Routing Domain configured the Routing ...

Страница 341: ... that are used to narrow the selection of routes exported Numeric value Service Type Selectthe Service types thatwill be assigned to matching routes from a listof the existing supported NetScaler SD WANServices Service Types Any Local Virtual Path Internet Intranet LANGRE Tunnel LANIPsec Tunnel Site Service Name For Intranet LANGRE Tunnel and LANIPsec Tunnel specify the name of the configured Servi...

Страница 342: ... enabling third party devices to terminate IPsec VPN Tunnels on the LAN or WAN side of a NetScaler SD WAN appliance You can secure site to site IPsec Tunnels terminating on an SD WAN appliance by using a 140 2 Level 1 FIPS certified IPsec cryptographic binary SD WAN also supports resilient IPsec tunneling using a differentiated virtual path tunneling mechanism ...

Страница 343: ...ault Sets or Dynamic Virtual Path Def ault Sets 2 Create new default set virtual or dynamic virtual path and enable Secure Virtual Path User Data with IPsec 3 Choose one of the available options for IPsec encryption Encapsulation types ESP AH or ESP AH Encryption Modes AES 128 or 256 Bit Hash Algorithm SHA1 or SHA 256 4 Apply the created Virtual Path Default Set to the MCN node This automatically ...

Страница 344: ... 1999 2017 Citrix Systems Inc All rights reserved p 344 https docs citrix com ...

Страница 345: ...ermine which Local IP addresses are available 3 Select the available Local IP address and enter the Peer IP address for the virtual path to peer with Note If the Service Type is Intranet the IP address is pre determined by the chosen IntranetService 4 Configure IPsec settings by applying the criteria described in the following tables When finished click Apply to save your settings Field Description ...

Страница 346: ...own menu Pre Shared Key If you are using a pre shared key copy and paste it into this field Click on the Eyeball icon to view the Pre Shared Key Certificate If you are using an identity certificate choose it from the drop down menu Validate Peer Identity Click this checkbox to validate the IKE s peer If the peer s ID type is notsupported do notenable this feature None DH Group Choose the Diffie Hell...

Страница 347: ...ons 300 seconds default IKEv2 Peer Authentication Choose Peer Authentication from the drop down menu Mirrored Pre Shared Key Certificate Peer Pre Shared Key Paste the IKEv2 Peer Pre Shared Key into this field for authentication Click the eyeball icon to view the Pre Shared Key Textstring Integrity Algorithm Choose an algorithm as the hashing algorithm to use for HMAC verification from the drop down ...

Страница 348: ...t Lifetime Max s Enter the maximum amountof time in seconds to allow an IPsec security association to exist 86400 seconds default Lifetime KB Enter the amountof data in kilobytes for an IPsec security association to exist Kilobytes Lifetime KB Max Enter the maximum amountof data in kilobytes to allow an IPsec security association to exist Kilobytes Network Mismatch Behavior Choose the action to ta...

Страница 349: ... 1999 2017 Citrix Systems Inc All rights reserved p 349 https docs citrix com ...

Страница 350: ...trix Systems Inc All rights reserved p 350 https docs citrix com How To Add IKE Certificates Oct 04 2016 To implement certificates for IKE negotiation 1 Navigate to Sites Certificates and add any necessary certificates ...

Страница 351: ...tion 1 Navigate to Configuration Virtual WAN View Configuration 2 Select Virtual Path Service from the drop down menu The IPsec settings are displayed only if IPsec is enabled in the configuration editor 3 Select IPsec Tunnels from the drop down menu to view the IPsec Tunnel configuration 4 Each virtual path will show its own IPsec tunnel status as shown below ...

Страница 352: ... 1999 2017 Citrix Systems Inc All rights reserved p 352 https docs citrix com ...

Страница 353: ...configured within the SD WAN network How To Monitor IPSec Logs 1 Navigate to Configuration Appliance Settings Logging Monitoring Select Filename from the drop down menu and click View Log You can view the following log details for the IPsec tunnel Creation and Deletion of IPsec tunnel IPsec tunnel status change How To View IPSec Tunnel Alerts 1 Navigate to Configuration Appliance Settings Logging Mon...

Страница 354: ... Systems Inc All rights reserved p 354 https docs citrix com 1 Navigate to Configuration System Maintenance Diagnostics Events 2 Add events based on the IPSEC_TUNNEL object type Create filters for all IPsec related events ...

Страница 355: ...ets together and reference a single Network Object when defining a Route Filter rather than creating a filter for each subnet To configure Network Objects 1 In the Configuration Editor navigate to Global Network Objects click Add 2 Click Add under Networks 3 Enter the IP Address and Subnet of the new Network Object 4 Click Apply to save the settings To edit the Network Object s name double click on th...

Страница 356: ... How To Configure Link State Propagation To configure Link State Propagation 1 Navigate to Configuration Editor Sites Site Name Interface Groups 2 Expand Virtual Interfaces and under Bridge Pairs click the LSP checkbox to enable Link State Propagation for a Bridge Pair Click Apply to save the settings Monitoring Link Statistics To monitor Link statistics 1 In the Monitor Statistics page choose Ethern...

Страница 357: ... 1999 2017 Citrix Systems Inc All rights reserved p 357 https docs citrix com ...

Страница 358: ... interface By analyzing the data provided by Net Flow you can determine the source and destination of traffic class of service and the causes for traffic congestion To configure Net Flow Hosts 1 Navigate to Configuration Appliance Settings Net Flow Netflow Host Settings page Click the Enable Netflow checkbox and enter the IP Address and Port numbers for up to three Net flow Hosts then click Apply Setting...

Страница 359: ...Last Resort is typically enabled when there are three WAN Links to a site that is Multiprotocol Label Switching Broadband Interent 4G LTE and one of the WAN links is 4G LTE and might be too costly for a business to allow usage unless it is necessary Note This feature can only be configured for Private Intranetand Public InternetAccess Types To configure Metered links 1 In the SD WAN web management i...

Страница 360: ...ased on Mbps of usage 4 After enabling the metered links capability you will be allowed to provide a Data Cap in MB billing cycle and starting date specific to this WAN link Let s set some low values so that we can more easily trigger these settings Set the Data Cap to 1 MB Cycle to Monthly and start date 03 01 2016 then click Apply 5 Save and Export the new configuration to the Change Management In...

Страница 361: ... 1999 2017 Citrix Systems Inc All rights reserved p 361 https docs citrix com 6 Run through the Change Management process ...

Страница 362: ...us area of the screen 1 After Activating the Staged appliances that have the new configuration changes running navigate to the Monitoring Usage Reports page to get a report on your metered link usage The top banner appears on every page alerting when threshold is reached at 50 75 90 and 100 usage always updating with the latest The WAN Link Metering Report on the Usage Reports page provides mode gr...

Страница 363: ...Links is lowered compared to the other WAN link Multiprotocol Label Switching even when there is no traffic across and the system itself is forced to send heartbeat packets between sites to determine the state latency loss jitter of the links in each direction 3 Navigate to Monitoring Statistics Click Show WAN Link to view WAN Links and results filtered by the Routing Domain 4 Navigate to Configurati...

Страница 364: ... WAN Links 1 Navigate to Monitoring Statistics Click Show Paths Summary to monitor standby WAN links A Path that has at least one Standby WAN Link as an endpoint is considered a backup Path All functions for Paths are supported regardless of whether or not a Path is configured as a backup Path ...

Страница 365: ...intermediary WAN router to perform this function Note DHCP Clientcan only be configured for untrusted non bridged interfaces configured as ClientNodes DHCP Clientfor Data Portcan be enabled only on non MCNsites One Arm or Policy Based Routing PBR deploymentis notsupported on the site with DHCP Clientconfiguration DHCP events are logged from the client s perspective only and no DHCP server logs are...

Страница 366: ...ps docs citrix com 2 Navigate to WAN Links WAN Link Name Settings Basic Settings 3 Click the Autodetect Public IP checkbox to enable the MCN to detect the Public IP Address used by the Client This is required when DHCP Client mode is configured for the WAN Link ...

Страница 367: ...s pools within the network to DHCP clients The DHCP server can be configured to assign additional parameters such as the IP address of the Domain Name System DNS server and the default router DHCP server accepts address assignment requests and renewals The DHCP server also accepts broadcasts from locally attached LAN segments or from DHCP requests that have been forwarded by other DHCP relay agents...

Страница 368: ... SD WAN Standard or Enterprise Editions appliances to relay requests and replies between local DHCP Clients and a remote DHCP Server This allows local hosts to acquire dynamic IP addresses from the remote DHCP Server Relay agent receives DHCP messages and generates a new DHCP message to send out on another interface To enable DHCP relay service 1 Navigate to Configuration Appliance Settings Network...

Страница 369: ...earned Gateway or DHCP server or when duplicate IP addresses are detected in the archived log file If duplicate IPs are detected at a site Dynamic Virtual IP addresses are released and renewed until all Virtual Interfaces at the site obtain unique Virtual IP addresses To monitor DHCP client WAN links 1 In the Virtual WAN Enable Disable Purge Flows page the DHCP Client WAN Links table provides the s...

Страница 370: ...ill allow in the network It initially starts with a small window and doubles the size of that window whenever acknowledgments are received This is called the slow start or exponential growth phase TCP identifies network congestion by detecting dropped packets If the TCP stack sends a burst of packets that introduce a 250 ms delay TCP does not detect congestion if none of the packets are discarded s...

Страница 371: ...wait time on the class stays at the steady state 3 Verify that the Configuration Editor can be used to enable and disable RED and that it displays the correct value for the parameter 4 Verify that the View Configuration in the SD WAN GUI page displays whether RED is enabled for a rule How To Enable RED 1 Navigate to Configuration editor Connections Virtual Paths Select Virtual Path Local Remote Site ...

Страница 372: ... 1999 2017 Citrix Systems Inc All rights reserved p 372 https docs citrix com ...

Страница 373: ...Note If you have existing MPLS configurations and would like to implementthe Private MPLS Access Type please contactCitrix Support for assistance Configuring Private MPLS WAN Links 1 Define the WAN Link Access Type as Private MPLS 2 Define the MPLS Queues corresponding to the Service Provider MPLS queues 3 Enable the WAN Link for virtual path service enabled by default for Private MPLS WAN Links 4 F...

Страница 374: ...pe for Private MPLS 1 In the Configuration Editor click Add under Sites Site Name WAN Links the Add WAN Link pop up appears 2 Under the Basic Settings there is now a new MPLS Queues tab Click Add to add specific MPLS Queues These should correspond with the queues defined by the Service Provider Field Description MPLS Queue Name The MPLS queue name ...

Страница 375: ...ngestion When congestion exceeds the setThreshold SD WANbacks off the sending rate Eligibility The MPLS Queue s eligibility to process specific classes of traffic When eligibility is disabled for a specific class of traffic thatclass of traffic is unlikely to route through the MPLS Queue unless network conditions require it Configure the MPLS Queues that correspond to the existing Service Provider WAN L...

Страница 376: ...ps Inheriting an Autopath Group from the MPLS WANLink will only automatically generate paths between queues with matching DSCP tags Assign Autopath Group to Virtual Path WAN Link The Autopath Group defined is the same for the MCN and Client appliance This allows the system to build the Paths automatically At the MCN site you can also expand the WAN Link associated with the virtual path View Permitt...

Страница 377: ...t of bandwidth that a particular WAN Link Virtual Path Service Intranet Service or Internet Service is permitted to use at a given point in time The permitted rate for a WAN Link is static and is defined explicitly in the SD WAN configuration The permitted rate for a Virtual Path Service Intranet Service or Internet Service will fluctuate over time in response to congestion user demand and Fair Sh...

Страница 378: ...nsistently whether the user is at the data center site or branch site Because the Zscaler security solution is cloud based no new security appliances need to be added in the network The Zscaler Cloud Security Platform acts as a series of security check posts in more than 100 data centers around the world By simply redirecting your Internet traffic to Zscaler you can instantly secure your stores bra...

Страница 379: ...h is used as the GRE tunnel source IP address Zscaler uses the source IP address to identify the customer IP address The source IP needs to be a static public IP Zscaler responds with two ZEN IP addresses Primary and Secondary to transmit traffic to GRE keep alive messages can be used to determine the health of the tunnels Configuring GRE Events in SD WAN Web Interface To configure internet service ...

Страница 380: ...capsulated d Tunnel IP address and Prefix is the IP addressing on the GRE tunnel itself This is useful for routing traffic that needs to be sent over the GRE tunnel and needs this IP address as gateway address To configure GRE 1 In the configuration editor navigate to Connections Site GRE Tunnels The source IP address can only be chosen from the Virtual network interface on trusted links See How to Co...

Страница 381: ...0 0 0 0 0 would match the ZENIP and route itin a GRE tunnel encapsulation loop This particular configuration utilizes the tunnels in an active backup mode traffic automatically switches over to the tunnel with gateway IP address 172 61 2 2 when the tunnel with gateway IP address 172 61 2 2 fails If desired configure a backhaul virtual path route Otherwise setthe keep alive interval of the backup tunn...

Страница 382: ...ic MIBs IEEE8021 Q BRIDGE MIB 201112120000Z txt RFC1213 MIB https www ietf org rfc rfc1213 txt SNMPv2 MIB https www ietf org rfc rfc3418 txt TCP MIB https www ietf org rfc rfc4022 txt P BRIDGE MIB txt http www icir org fenner mibs extracted P BRIDGE MIB rfc2674 txt RMON2 MIB txt https www ietf org rfc rfc3273 txt TOKEN RING RMON MIB txt http www icir org fenner mibs extracted TOKEN RING RMON MIB r...

Страница 383: ...mpd daemon process on Linux systems The MIBs provide the basis for supporting Network Management applications for example Nagios or SolarWinds The Ethernet port packet and byte counters are in the IF MIB inside the ifTable System information is in the system object Ethernet ports are included in the ifTable so walking that should be sufficient to ensure that the SNMP subsystem is running Support fo...

Страница 384: ...e rails mount the hardware connect the cables and turn on the appliance Initial Configuration Describes how to perform initial configuration of your NetScaler appliance and assign management and network IP addresses Citrix NetScaler SD WAN appliance models SD WAN WANOP 400 800 1000 2000 and 3000 SD WAN WANOP 1000 WS and 2000 WS SD WAN WANOP 4000 and 5000 SD WAN Standard Edition 400 and 410 SD WAN St...

Страница 385: ...gnostic information and active alerts The dimensions of the LCD limit the display to two lines of 16 characters each causing the displayed information to flow through a sequence of screens Each screen shows information about a specific function The LCD has a neon backlight Normally the backlight glows steadily When there is an active alert it blinks rapidly If the alert information exceeds the LCD s...

Страница 386: ...Off No link Solid green Link is established but no traffic is passing through the port Blinking green Traffic is passing through the port Management RJ45 Left Speed Off No connection or a traffic rate of 10 megabits per second Mbps Green Traffic rate of 100 Mbps Amber Traffic rate of 1 gigabit per second Right Link Activity Off No link Solid yellow Link is established but no traffic is passing thr...

Страница 387: ... power supply Flashing RED No power to this power supply Flashing GREEN Power supply is in standby mode GREEN Power supply is functional RED Power supply failure DC OFF No power to any power supply Flashing RED No power to this power supply Flashing BLUE Power supply is in standby mode BLUE Power supply is functional RED Power supply failure ...

Страница 388: ...BASE T port has a maximum transmission speed of 100 megabits per second Mbps Most platforms have at least one 10 100BASE T port 10 100 1000BASE T portThe 10 100 1000BASE T port has a maximum transmission speed of 1 gigabit per second ten times faster than the other type of copper Ethernet port Most platforms have at least one 10 100 1000Base T port To connect any of these ports to your network you...

Страница 389: ...ve The solid state drive stores your configuration information used to restore from a backup after replacing the unit Note SD WANStandard Edition 400 and 410 appliances do nothave field replaceable units The field replaceable SSD and power supplies are notrequired SD WAN WANOP SE 4000 and WANOP 5000 field replaceable units FRU are components that can be quickly and easily removed from the appliance an...

Страница 390: ...e Common Hardware Components which describes the various hardware components hardware platforms and includes a table summarizing the hardware specifications Note If you suspect that a power supply fan is not working see the description of your platform On some platforms what appears to be the fan does not turn and the actual fan turns only when necessary Table 1 LED Power Supply Indicators Power Su...

Страница 391: ...s might not represent the actual SD WAN appliance Figure 1 Removing the Existing AC Power Supply 2 Carefully remove the new power supply from its box 3 On the back of the appliance align the power supply with the power supply slot 4 Insert the power supply into the slot and press against the semicircular handle until you hear the power supply snap into place Figure 2 Inserting the Replacement AC P...

Страница 392: ...pplies must be of the same type AC or DC Note You can replace one power supply without shutting down the appliance provided the other power supply is working To install or replace a DC power supply on a SD WAN 4000 5000 appliance 1 Loosen the thumbscrew and press the lever towards the handle and pull out the existing power supply as shown in the following figure Figure 3 Removing the Existing DC P...

Страница 393: ...3 https docs citrix com cable to an appliance in which two power supplies are installed To silence the alarm press the small red button on the back panel of the appliance The disable alarm button is functional only when the appliance has two power supplies ...

Страница 394: ...ight or down depending on the platform while pulling out on the drive handle to disengage Pull out the faulty drive Note The illustration in the following figures might not represent the actual SD WAN appliance Figure 1 Removing the Existing Solid State Drive 3 Verify that the replacement SSD is the correct type for the platform 4 Pick up the new SSD open the drive handle fully to the left and ins...

Страница 395: ... Disengage the hard disk drive by pushing the safety latch of the drive cover to the right or down depending on the platform while pulling out on the drive handle to disengage Pull out the faulty drive Figure 1 Removing the Existing Hard Disk Drive 4 Pick up the new disk drive open the drive handle fully to the left and insert the new drive into the slot as far as possible To seat the drive close ...

Страница 396: ...and supports WAN speeds of up to 6 Mbps SD WAN 800 Series A small 1U appliance suitable for medium sized branch offices the 800 Series has two accelerated bridges and supports WAN speed of up to 10 Mbps SD WAN 2000 Series A full sized 1U appliance suitable for large branch offices and smaller datacenters the 2000 Series has two accelerated bridges and supports WAN speed of 10 50Mbps Sd WAN 3000 Se...

Страница 397: ...pliance Power Fail Indicates that a power supply unit has failed Information LED Indicates the following Status Description Continuously on and red The appliance is overheated This might be a result of cable congestion Blinking red 1Hz Fan failure Blinking red 0 25Hz Power failure Solid blue Local UID has been activated Use this function to locate the server in a rack mount environment Blinking bl...

Страница 398: ...400 800 appliance Cooling fan Single power supply rated at 200 watts 110 240 volts Accelerated pairs of Ethernet ports apA and apB which function as accelerated bridges Individual port assignments LAN1 is apA 1 WAN1 is apA 2 LAN2 is apB 1 LAN2 is apB 2 RS 232 serial console port One Aux Ethernet port and one management port Two USB ports One Solid State Drive SSD SD WAN 400 160 GB SSD SD WAN 800 2...

Страница 399: ...tical information about different parts of the appliance Figure 1 Citrix NetScaler SD WAN 1000 front panel The appliance has the following ports An RS232 serial console port A copper Ethernet RJ45 management port The management port is used to connect directly to the appliance for system administration functions Four 10 100 1000Base T copper Ethernet ports numbered 1 1 1 2 1 3 and 1 4 from left to...

Страница 400: ... 1999 2017 Citrix Systems Inc All rights reserved p 400 https docs citrix com USB port reserved for a future release Single power supply rated at 300 watts 100 240 volts ...

Страница 401: ...liance s software A copper Ethernet RJ45 management port numbered 0 1 The management port is used to connect directly to the appliance for system administration functions Note The LOM port also operates as a management port Four 10 100 1000Base T copper Ethernet ports numbered 1 1 1 2 1 3 and 1 4 from left to right The four ports form two accelerated pairs which function as accelerated bridges Por...

Страница 402: ...on maskable interrupt NMI button for use at the request of Technical Support to produce a core dump You must use a pen pencil or other pointed object to press this red button which is recessed to prevent unintentional activation Single power supply rated at 300 watts 100 240 volts ...

Страница 403: ...rnet ports front panel The following figure shows the front panel of a SD WAN 3000 appliance with four 1G SX fiber ports Figure 2 Citrix NetScaler SD WAN 3000 4 1G SX Fiber ports front panel The appliance has the following ports An RS232 serial console port A copper Ethernet RJ45 Port called the Lights out Management LOM port You can use this port to remotely monitor and manage the appliance indepen...

Страница 404: ...on the back panel of the SD WAN 3000 appliance Four 600 GB removable solid state drives The top left solid state drive stores both the appliance s software and the user data The other three store only user data Power switch which turns power to the appliance on or off To turn off the power press the switch for five seconds USB port reserved for a future release Non maskable interrupt NMI button fo...

Страница 405: ...bps Model 400 006 6 Mbps Up to 10 Mbps Model 800 002 2Mbps Model 800 006 6 Mbps Model 800 010 10 Mbps Model 1000 006 6 Mbps Model 1000 010 10 Mbps Model 1000 020 20 Mbps Model 2000 010 10 Mbps Model 2000 020 20 Mbps Model 2000 050 50 Mbps Model 3000 050 50 Mbps Model 3000 100 100 Mbps Model 3000 155 155 Mbps Maximum HDX sessions Up to 60 Up to 100 200 300 500 Total sessions 500 10 000 10 000 20 00...

Страница 406: ... EIA 310 D for 19 inch racks EIA 310 D for 19 inch racks System depth 10 5 26 7 cm 10 5 26 7 cm 25 4 64 5 cm 25 4 64 5 cm System weight 8 lbs 3 5 kg 8 lbs 3 5 kg 32 lbs 14 5 kg 32 lbs 14 5 kg Shipping dimensions and weight 26L x 18 5W x 6 5 H 14 lbs 26L x 18 5W x 6 5 H 14 lbs 32L x 23 5W x 7 5 H 39 lbs 32L x 23 5W x 7 5 H 39 lbs Environmental and Regulatory Voltage 100 240 VAC 50 60 Hz 100 240 VAC...

Страница 407: ...king Europe CSA TUV Electromagnetic and susceptibility certifications FCC Part 15 Class A EN 55022 Class A EN 61000 3 2 3 3 CISPR 22 Class A FCC Part 15 Class A EN 55022 Class A EN 61000 3 2 3 3 CISPR 22 Class A FCC Part 15 Class A EN 55022 Class A EN 61000 3 2 3 3 CISPR 22 Class A FCC Part 15 Class A CE C Tick VCCI A CCC KCC NOM SASO SABS PCT FCC Part 15 Class A CE C Tick VCCI A CCC KCC NOM SASO S...

Страница 408: ...r SD WAN 800 series Citrix NetScaler SD WAN 1000 series Citrix NetScaler SD WAN 2000 series Citrix NetScaler SD WAN 3000 series AutoConfiguration Y Y Y Y Y SD WAN Plug In N N N Y Y Compression Y Y Y Y Y RPC over HTTPS Y Y Y Y Y SSL Compression Y Y Y Y Y TCP Acceleration Y Y Y Y Y Traffic Shaping Y Y Y Y Y Video Caching N Y Y Y Y Windows File System Acceleration Y Y Y Y Y Windows Outlook Accelerati...

Страница 409: ...s reserved p 409 https docs citrix com VLANs Y Y Y Y Y Feature Citrix NetScaler SD WAN 400 series Citrix NetScaler SD WAN 800 series Citrix NetScaler SD WAN 1000 series Citrix NetScaler SD WAN 2000 series Citrix NetScaler SD WAN 3000 series ...

Страница 410: ...ppliance or a 6 Mbps appliance but a SD WAN 400 can not be upgraded to a SD WAN 800 1000 2000 or 3000 The same is true of the other series The licensed bandwidth applies only to the sending direction so a SD WAN 400 002 rated at 2 Mbps in the sending direction is appropriate for an ADSL link with a 12 Mbps 2 Mbps download upload bandwidth In addition to differences in WAN bandwidth capabilities th...

Страница 411: ...tisfied that your appliance has been delivered to your expectations verify that the location where the appliance will be installed meets temperature and power requirements and that the server cabinet or floor to ceiling cabinet is securely bolted to the floor and has sufficient airflow Only trained and qualified personnel should install maintain or replace the appliance and efforts should be taken to en...

Страница 412: ...ower cable If you ordered a SD WAN 1000 2000 or 3000 appliance the box should contain The appliance you ordered One RJ 45 to DB 9 adapter One 6 ft RJ 45 DB 9 cable One power cable One standard 4 post rail kit Note If the kit that you received does not fit your rack contact your Citrix sales representative to order the appropriate kit In addition to the items included in the box with your new appli...

Страница 413: ...ironment Power density Wiring capable of handling at least 4 000 watts per rack unit in addition to power needs for the CRAC The rack on which you install your appliance should meet the following criteria Rack characteristics Racks should be either integrated into a purpose designed server cabinet or be the floor to ceiling type bolted down at both top and bottom to ensure stability If you have a ...

Страница 414: ...nstalling or repairing an appliance always make sure that the ground circuit is connected first and disconnected last Make sure that a fuse or circuit breaker no larger than 120 VAC 15 A U S 240 VAC 16 A international is used on all current carrying conductors on the power system to which your appliances are connected Do not work alone when working with high voltage components Always disconnect th...

Страница 415: ...he room Therefore consider the lowest and highest operating temperatures of the equipment when making a decision about where to install the appliance in the rack Make sure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them For a single rack installation attach a stabilizer to the rack For a multiple rack installation c...

Страница 416: ...tal standards and the server rack is in place according to the instructions you are ready to install the hardware After you mount the appliance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration To complete the installation you turn on the appliance Be sure to observe the cautions and warnings listed with the installa...

Страница 417: ... inner rail T o attach the inner rails to the appliance 1 Position the right inner rail behind the ear bracket on the right side of the appliance 2 Align the holes on the rail with the corresponding holes on the side of the appliance 3 Attach the rail to the appliance with the provided screws 4 Repeat steps 1 through 3 to install the left inner rail on the left side of the appliance T o install th...

Страница 418: ... has three pairs of accelerated bridge ports On the appliance ports 1 1 and 1 2 are the accelerated pair A apA bridge ports ports 1 3 and 1 4 are the apB ports and ports 1 5 and 1 6 are the apC bridge ports Updated 2014 01 20 Ethernet cables connect your appliance to the network The type of cable you need depends on the type of port used to connect to the network Use a category 5e or category 6 Et...

Страница 419: ... one power supply unless you have installed a second A separate ground cable is not required because the three prong plug provides grounding Provide power to the appliance by installing the power cord To connect the appliance to the power source 1 Connect one end of the power cable to the power outlet on the back panel of the appliance next to the power supply 2 Connect the other end of the power ...

Страница 420: ... for a different circuit than the first After verifying the connections you are ready to switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port This will ensure that you can configure the appliance after it is switched on 2 Depending on the appliance press the ON OFF toggle power switch or the power button to switch on the appliance Caution Be aware of ...

Страница 421: ...appliance to accelerate the network traffic To perform initial configuration Identify the prerequisites for the initial configuration Record various values required in the initial configuration procedure Configure the appliance by connecting it to the Ethernet port Perform additional configuration for Windows Assign management IP address through the serial console Troubleshoot initial configuration...

Страница 422: ...the appliance You have chosen four IP addresses for management of the appliance In the Worksheet record all IP addresses and other values you would use to configure the appliance Preferably print out the worksheet before you start the configuration process You should already have a SD WAN license key from Citrix sent in an email If you are using remote licensing you need the IP address of the lice...

Страница 423: ...ice Netmask Management Subnet 255 255 0 0 Network mask for the management subnet Gateway Management Subnet None The default gateway IP address of the appliance Port Model 2 Port Select 2 port or 4 port depending on the model In 4 port mode Windows Server does not have access to ports 1 3 and 1 4 DNS Server None IP address of the DNS server Citrix recommends that you specify a valid DNS server IP a...

Страница 424: ... of the Command Center appliance with which you want to register this appliance More info Command Center Port 8443 Optional Port number of the Command Center SD WAN More info Registration Password None Password you want to use to register the SD WAN appliance Licensing License Server Address None IP address of the licensing server Required only when you select a remote model license type Licensing...

Страница 425: ...Ethernet port 0 1 1 Set the Ethernet port address of a computer or other browser equipped device with an Ethernet port to 192 168 100 50 with a network mask of 255 255 0 0 On a Windows device this is done by changing the Internet Protocol Version 4 properties of the LAN connection as shown below You can leave the gateway and DNS server fields as blank 2 Using an Ethernet cable connect this compute...

Страница 426: ... completing the Configuration wizard 2 If you opt for a remote licensing server you must select a remote appliance model and provide the IP address of the licensing server in the Licensing Server Address field 19 In the WAN Link Definition section specify receive and send speeds for the WAN link in the respective fields Citrix recommends values 10 lower than the WAN bandwidth to avoid network cong...

Страница 427: ...d bridge port WCCP and virtual inline installations connect a single accelerated bridge port to your WAN router Virtual inline installations require that you configure your router to forward WAN traffic to the appliance See Router Configuration WCCP installations require configuration of your router and the appliance See WCCP Mode ...

Страница 428: ...o continue connecting to the management service 7 Log on to the shell prompt of the appliance with the following default credentials Password nsroot 8 At the logon prompt run the following command to open the Management Service Initial Network Address Configuration menu networkconfig 9 Type 1 and press Enter to select option 1 and specify a new management IP address for the management service 10 T...

Страница 429: ...In addition to pure forwarding modes the appliance has to account for additional types of connections including management connections to the GUI and the heartbeat signal that passes between members of a high availability pair For completeness these additional traffic modes are also listed in table below T able 1 How Ethernet and IP Addresses Determine the Mode Destination IP Address Destination Et...

Страница 430: ...s to operate as an active standby high availability pair If the primary appliance fails the secondary appliance takes over Additional traffic types are listed here for completeness Pass through traf f ic refers to any traffic that the appliance does not attempt to accelerate It is a traffic category not a forwarding mode Direct access where the appliance acts as an ordinary server or client The GU...

Страница 431: ...ions use only the bridged ports Some SD WAN units have only the motherboard ports In this case the two motherboard ports are bridged The appliance s user interface can be accessed by a VLAN or non VLAN network You can assign a VLAN to any of the appliance s bridged ports or motherboard ports for management purposes Figure 1 Ethernet Ports The ports are named as follows T able 1 Ethernet Port Names...

Страница 432: ... IP Address page The speed duplex settings are set on the Configuration Interface page Notes about parameters Disabled ports do not respond to any traffic The browser based UI can be enabled or disabled independently on all ports To secure the UI on ports with IP addresses select HTTPS instead of HTTP on the Configuration Administrator Interface Web Access page Inline mode works even if a bridge ha...

Страница 433: ...ypass feature is wired as if a cross over cable connected the two ports which is the correct behavior in properly wired installations Important Bypass installations must be tested Improper cabling might work in normal operation but not in bypass mode The Ethernet ports are tolerant of improper cabling and often silently adjust to it Bypass mode is hard wired and has no such adaptability Test inlin...

Страница 434: ...Citrix Systems Inc All rights reserved p 434 https docs citrix com Two units with multiple bridges can be used in a high availability pair Simply match up the bridges so that all links pass through both appliances ...

Страница 435: ... itself to other acceleration units This address is used internally for a variety of purposes and is most visible to users as the Partner Unit field on the Monitoring Optimization Connections page If no motherboard port is enabled the appliance uses the IP address of Accelerated Pair A The Primary port is used for Administration through the web based UI A back channel for group mode A back channel...

Страница 436: ...or example if one traffic stream passing through the accelerated bridge is addressed to 10 0 0 1 VLAN 100 and another is addressed to 10 0 0 1 VLAN 111 the appliance knows that these are two distinct destinations even though the two VLANs have the same IP address You can assign a VLAN to all some or none of the appliance s Ethernet ports If a VLAN is assigned to a port the management interfaces GUI...

Страница 437: ...de Accelerating All Traffic on a WAN Note Any TCP based traffic passing through both units is accelerated No address translation proxying or per site setup is required Inline mode is auto detecting and auto configuring Configuration is minimized with inline mode because your WAN router need not be aware of the appliance s existence Depending on your configuration inline mode s link down propagation ...

Страница 438: ... bypass relay is closed the appliance s bridge ports are inaccessible If carrier is lost on one of the bridge ports the carrier is dropped on the other bridge port to ensure that the link down condition is propagated to the device on the other side of the appliance Units that monitor link state such as routers are thus notified of conditions on the other side of the bridge Link down propagation has...

Страница 439: ...ting acceleration and it should be used when practical Because all the link traffic is flowing through the appliances the benefits of fair queuing and flow control prevent the link from being overrun In IP networks the bottleneck gateway determines the queuing behavior for the entire link By becoming the bottleneck gateway the appliance gains control of the link and can manage it intelligently This is...

Страница 440: ... can install the appliance on a branch network that includes only those systems This is shown in the following figure Figure 1 Inline Mode Accelerating Selected Systems Only SD WAN traffic shaping relies on controlling the entire link so traffic shaping is not effective with this topology because the appliance sees only a portion of link traffic Latency control is up to the bottleneck gateway and int...

Страница 441: ...p 441 https docs citrix com Configuring and Troubleshooting Inline Mode Dec 26 2012 Inline mode requires only basic configuration because it is applied automatically to any packets passing through the accelerated bridge Troubleshooting is described under ...

Страница 442: ...CCP modes WCCP is the original SD WAN WCCP offering supported since release 3 x It supports a single appliance service group no clustering WCCP clustering introduced in release 7 2 allows your router to load balance traffic between multiple appliances The physical mode for WCCP deployment of a SD WAN appliance is one arm mode in which the appliance is connected directly to a dedicated port on the ...

Страница 443: ...first contacts the router over the WCCP control channel UDP port 2048 and the appliance and router exchange information with packets named Here_I_Am and I_See_You respectively By default this process is repeated every ten seconds If the router fails to receive a message from the appliance for three of these intervals it considers the appliance to have failed and stops forwarding traffic to it until ...

Страница 444: ...or either L2 or GRE The traffic port 1 1 is connected directly to a dedicated router port Gig 4 12 Figure 3 Simple WCCP deployment In this example the SD WAN 4000 5000 is deployed in one arm mode with the traffic port 1 1 and the management port 0 1 each connecting to its own dedicated router port On the router WCCP is configured with identical ip wccp redirect in statements on the WAN and LAN ports...

Страница 445: ...iances with more than one accelerated pair all the traffic for a given WCCP service group must arrive on the same accelerated pair Do not mix inline and WCCP traffic on the same appliance The appliance does not enforce this guideline but violating it can cause difficulties with acceleration WCCP and virtual inline modes can be mixed but only if the WCCP and virtual inline traffic are coming from d...

Страница 446: ...nd substantial LAN to LAN traffic sending all traffic to the appliance can overload its LAN segment and burden the appliance with this unnecessary load If GRE is used the unnecessary traffic can load down the router as well On some routers the redirect in path is faster and puts less of a load on the router s CPU than does the redirect out path If necessary this can be determined by direct experiment...

Страница 447: ...Path Forwarding is enabled with an ip verify unicast source reachable statement delete or comment out the statement ip verify unicast source reachable via any Repeat on all ports ip wccp 51 redirect out ip wccp 51 redirect in ip wccp 52 redirect out ip wccp 52 redirect in If the appliance is inline with one of the router interfaces NOT SUPPORTED add the following line for that interface to prevent...

Страница 448: ...direct in The following line is needed only on the interface facing the other router if there is another router participating in this service group ip wccp 51 group listen If the appliance is inline with one of the router interfaces which is supported but not recommended add the following line for that interface to prevent loops ip wccp redirect exclude in Z ...

Страница 449: ...interface apA Protocol TCP WCCP Priority 0 Router Communication Unicast Password blank and Time to Live 1 values usually do not have to be changed for the first service group that you create but if they do type new values in the fields provided 6 In the Router Addressing field if you are using unicast or the Multicast Address field if you are using multicast type the router s IP address Use the IP...

Страница 450: ...ct For an incompatibility an alert announces that the router has incompatible router forwarding For Router Assignment The default is Hash When Auto is selected the mode is negotiated with the router All routers in a service group must support the same assignment method Hash or Mask For any service group if this attribute is configured as Auto the appliance selects Hash or Mask when the first route...

Страница 451: ... Performance Logging page shows a new entry each time WCCP mode is established or lost Figure 1 WCCP Log Entries format varies somewhat with release Router Status On the router the show ip wccp command shows the status of the WCCP link Router enable Password Router show ip wccp Global WCCP information Router information Router Identifier 172 16 2 4 Protocol Version 2 0 Service Identifier 51 Number...

Страница 452: ...p to 32 appliances in a fault tolerant load balanced array called a cluster In the example below three identical appliances same model same software version are cabled identically and configured identically except for their IP addresses Appliances using the same service groups with the same router can become a load balanced WCCP cluster When a new appliance registers itself with the router it can j...

Страница 453: ...uses the mask method only using a mask of 1 6 bits of the 32 bit IP address These address bits can be non consecutive All addresses yielding the same result when masked are sent to the same appliance Load balancing effectiveness depends on choosing an appropriate mask value a poor mask choice can result in poor load balancing or even none with all traffic sent to a single appliance ...

Страница 454: ...r the WCCP cluster should continue to operate without becoming overloaded if one appliance fails That can be accomplished by using three appliances when the calculations call for two This is called the N 1 rule Failure is an unusual event so usually all three appliances are in operation In this case each appliance is supporting only 67 Mbps and 250 users leaving plenty of headroom and making good ...

Страница 455: ...ice groups are supported All routers using the same service group pair must support the same forwarding method GRE or L2 The forwarding and return method negotiated with the router must match both must be GRE or both must be L2 Some routers do not support L2 in both directions resulting in an error of Router s forward or return or assignment capability mismatch In this case the service group must ...

Страница 456: ...ights reserved p 456 https docs citrix com Planning Your Deployment Jan 30 2014 Deploying appliances in a WCCP cluster requires more planning than does deploying a single appliance Read the following sections carefully before proceeding ...

Страница 457: ...ad of WCCP clustering since the equation builds in a spare appliance In other words WCCP clustering is not necessary from a capacity perspective unless appliances is 3 or more Example Suppose you have 700 users and a 100 Mbps link Some appliances you might consider are the SD WAN 2000 050 the SD WAN 3000 100 and the SD WAN 4000 310 Model Optimized WAN Capacity Maximum HDX Sessions Appliances_bw Ap...

Страница 458: ...ive or more caches some caches are idle because each bucket is assigned to only one cache and there are not enough buckets to cover all five caches Cache 1 2 3 4 5 Buckets 0 1 2 3 If there are more buckets than caches some caches are assigned multiple buckets For example if you set three mask bits creating eight buckets and you have four caches two buckets are assigned to each cache If you have fi...

Страница 459: ...ppliances the address mask must contain at least three one bits The one bits in the address mask must each be inside the active address range for most of your remote subnets or they skew the load balancing distribution The mask should split the address range of individual remote sites into as few pieces as possible for best compression performance If a remote appliance is faster than the local mem...

Страница 460: ...ch appliance gets its fair share of bucket with the lowest numbered bucket being assigned to the appliance with the lowest IP address If there are more appliances than buckets the leftover appliances with no bucket assigned to them are the ones with the highest numbered IP addresses This deterministic assignment allows traffic to arrive for a single connection through any of the routers in the serv...

Страница 461: ...ight come online within the same ten second window or they might arrive over multiple ten second windows causing traffic to be reapportioned multiple times before it stabilizes In the latter case the appliances that come online first maycan become overloaded until additional appliances come online An accelerated connection fails when allocated to a different appliance making reallocation disruptive ...

Страница 462: ...e Uspec From data sheet XenApp and XenDesktop Users on WAN Link Uwan User overload Factor Uoverload Uwan Uspec Supported BW Per Appliance BWspec From data sheet WAN Link BW BWwan BW Overload Factor BWoverload BWwan BWspec Number of appliances required N max Uoverload BWoverload 1 Includes one spare Min number of buckets Bmin N rounded up a power of 2 If SD WAN 4000 or 5000 Bmin 2 N rounded up to a...

Страница 463: ...rk field perhaps only two or three bits If this is the case with your network instead of masking bits in the offending area of the subnet field displace those bits to a portion of the host address field that has the 50 50 property For example if only three subnet bits in a 24 subnet have the 50 50 property and you are using four mask bits a mask of 0x00 00 07 10 avoids the offending bit at 0x00 00 08...

Страница 464: ...er you have finalized the deployment topology considered all limitations and filled in the deployment worksheet you are ready to deploy your appliances in a WCCP cluster To configure the WCCP cluster you need to perform the following tasks Configuring the NetScaler Instances Configuring the Router Configuring the Appliance ...

Страница 465: ...router This procedure assumes Cisco routers but is similar on other routers It uses the first of the two methods discussed above of redirecting WCCP traffic with an ip wccp redirect in statement on both LAN and WAN ports 1 Fill in the WCCP clustering Deployment Worksheet 2 Log on to your router 3 In the global declarations section declare each service group on the WCCP clustering worksheet listed ...

Страница 466: ...with an ip wccp 62 redirect in statement Similarly if the router used multiple ports for WAN traffic each port is configured with an ip wccp 61 redirect in statement If multiple routers shared the same WCCP cluster they use the same service groups It is also possible to use ip wccp redirect statements on only the WAN interfaces Example for WCCP clustering using WCCP redirect in out statements on W...

Страница 467: ...ter is configured to require a password enter the password in the Service Group Password field Otherwise leave the field blank 13 In the Router Communications Details section enter the IP address of the router T8 on your worksheet often identical to T1 as well This is the IP address of the appliance facing router interface If you use multiple routers to communicate with the appliance list them all...

Страница 468: ...ignment You must refresh the page manually to monitor changes in status If the appliance does not reach the status of 25 has assignment within a timeout period other informative status messages are displayed Additional information is displayed when you click on the Service Group or the Routers tabs T he Cluster Summary tab displays information about the WCCP cluster as a whole As a side effect of ...

Страница 469: ...ealth checking making troubleshooting difficult WCCP is thus the recommended mode and virtual inline is recommended only when inline and WCCP modes are both impractical The following figure shows a simple network in which all traffic destined for or received from the remote site is redirected to the appliance In this example both the local site and remote site use virtual inline mode Figure 1 Virtual...

Страница 470: ...re a single appliance each gets its own traffic back but not the traffic from the other router This mode also works with a single router Send to Gateway not recommended In this mode virtual inline output packets are forwarded to the default gateway for delivery even if they are destined for hosts on the local subnet This option is usually less desirable than the Return to Ethernet Sender option beca...

Страница 471: ... WAN traffic passes through the appliance Note When considering routing options keep in mind that returning data not just outgoing data must flow through the appliance For example placing the appliance on the local subnet and designating it as the default router for local systems does not work in a virtual inline deployment Outgoing data would flow through the appliance but incoming data would byp...

Страница 472: ...process Original configuration is in normal type appliance specific configuration is in bold ip cef interface FastEthernet0 0 ip address 10 10 10 5 255 255 255 0 ip policy route map client_side_map interface FastEthernet0 1 ip address 172 68 1 5 255 255 255 0 ip policy route map wan_side_map interface FastEthernet1 0 ip address 192 168 1 5 255 255 255 0 ip classless ip route 0 0 0 0 0 0 0 0 171 68...

Страница 473: ... next hop 192 168 2 200 route map client_side_map permit 10 match ip address client_side set ip next hop 192 168 2 200 _ Each of the above examples applies an access list to a route map and attaches the route map to an interface The access lists identify all traffic originating at one accelerated site and terminating at the other A source IP of 10 10 10 0 24 and destination of 20 20 20 0 24 or vice...

Страница 474: ... 1999 2017 Citrix Systems Inc All rights reserved p 474 https docs citrix com wildcard mask in binary 1 is considered a don t care bit ...

Страница 475: ...ves the asymmetric routing problem by using the router configuration to send all WAN traffic through the appliance regardless of the WAN link used The below figure shows a simple multiple WAN link deployment example The two local side routers redirect traffic to the local appliance The FE 0 0 ports for both routers are in the same broadcast domain as the appliance The local appliance must use the defa...

Страница 476: ...deployment In virtual inline mode a pair of appliances acts as one virtual appliance Router configuration is the same for an HA pair as with a single appliance except that the Virtual IP address of the HA pair not the IP address of an individual appliance is used in the router configuration tables In this example the local appliances must use default virtual inline configuration Return to Ethernet Se...

Страница 477: ...arding failures are typically caused by errors in router configuration If the Monitoring Usage or Monitoring Connections pages show that traffic is being forwarded but no acceleration is taking place assuming that an appliance is already installed on the other end of the WAN link check to make sure that both incoming WAN traffic and outgoing WAN traffic are being forwarded to the appliance If only one...

Страница 478: ... or 5000 appliances Group mode applies only to the appliances on one side of the WAN link the local appliances neither know nor care whether the remote appliances are using group mode Group mode uses a heartbeat mechanism to verify that other members of the group are active Packets are forwarded to active group members only Avoiding asymmetric routing is the main reason to use group mode but group...

Страница 479: ...t use a single appliance The alternatives are WCCP mode in which traffic from two or more links is sent to the same appliance by WAN routers by means of the WCCP protocol Virtual inline mode in which your routers send traffic from two or more links through the same appliance or high availability pair Multiple bridges where each link passes through a different accelerated bridge in the same applian...

Страница 480: ...rs forwarding decisions Figure 1 Sending side Traffic in Group Mode Figure 2 Receiving side traffic flow in group mode Group mode has two user selectable failure modes which control how the group members interact with each other if one of them fails The failure mode also determines whether the failed appliance s bypass card opens blocking traffic through the appliance or remains closed allowing tra...

Страница 481: ...lability pair the first cell in the HA Secondary SSL Common Name is blank If the other group member is a high availability pair specify the SSL Common Name of the HA secondary appliance in the HA Secondary SSL Common Name column 4 Click Add 5 Repeat steps 2 4 for any additional appliances or high availability pairs in the group 6 The three buttons under the list of group members are toggles so eac...

Страница 482: ...the connection it is accelerated and forwarded normally If it arrives first at a different appliance in the group it is forwarded to its owner over a GRE tunnel which accelerates it and returns it to the original appliance for forwarding Thus group mode leaves the router s link selection unchanged Using explicit IP based forwarding rules can reduce the amount of group mode forwarding This is especi...

Страница 483: ...he appliance on the primary link If the primary WAN link fails but the primary appliance does not the WAN router fails over and sends traffic over the secondary link The appliance on the secondary link forwards traffic to the primary link appliance and acceleration continues undisturbed This configuration maintains accelerated connections after the link failover Figure 2 Forwarding Rules ...

Страница 484: ...installation That the two appliances have entered group mode which can be determined on either appliance s Configuration Advanced Deployments Group Mode page That the behavior of the group mode pair is as desired when the other member fails and when one of the links fail as determined by disabling the other appliance and temporarily disconnecting one of the links respectively ...

Страница 485: ... pair The appliances each monitor the other s status by using the standard Virtual Router Redundancy Protocol VRRP heartbeat mechanism The pair has a common virtual IP address for management in addition to each appliance s management IP address If the primary appliance fails the secondary appliance takes over Failover takes approximately five seconds High availability mode is a standard feature ...

Страница 486: ...hibited on both appliances to prevent loops Warning The Ethernetbypass function is disabled in HA mode If both appliances in an inline HA pair lose power connectivity is lost If WAN connectivity is needed during power outages atleastone appliance mustbe attached to a backup power source Note The secondary appliance in the HA pair has one of its bridge ports portapA 1 disabled to preventforwarding ...

Страница 487: ...same software release HA in WCCP mode When WCCP is used with an HA pair the primary appliance establishes communication with the router The appliance uses its management IP address on apA or apB not its virtual IP address to communicate with the router Upon failover the new primary appliance establishes WCCP communication with the router ...

Страница 488: ...e or one armed mode This is depicted only in the middle diagram Figure 1 Cabling for High Availability Pairs Do not break the above topology with additional switches Random switch arrangements are not supported Each of the switches must be either a single monolithic switch a single logical switch or part of the same chassis If the spanning tree protocol STP is enabled on the router or switch ports...

Страница 489: ... 1999 2017 Citrix Systems Inc All rights reserved p 489 https docs citrix com ...

Страница 490: ...e following criteria Have identical hardware as shown by on the System Hardware entry on the Dashboard page Run exactly the same software release Be equipped with Ethernet bypass cards To determine what is installed in your appliances see the Dashboard page Appliances that do not support HA display a warning on the Configuration High Availability page ...

Страница 491: ... IP VIP address which enables you to manage the two appliances as if they were a single unit After you enable high availability mode managing the secondary appliance through its IP address is mostly disabled with most parameters grayed out A warning message displays the reason on every page Use the HA VIP for all management tasks You can however disable the secondary appliance s HA state from its ...

Страница 492: ... to the pair Although the value defaults to zero the valid range of VRRP ID numbers is 1 through 255 Within this range you can specify any value that does not belong to another VRRP device on your network 8 In the Partner SSL Common Name field type the other appliance s SSL Common Name which is displayed on that appliance s Configuration Advanced Deployments High Availability tab in the Partner SS...

Страница 493: ... On the secondary appliance update the software and reboot After the reboot the appliance is still the secondary Verify that the installation succeeded The primary appliance should show that the secondary appliance exists but that automatic parameter synchronization is not working due to a version mismatch 3 On the primary appliance update the software and then reboot The reboot causes a failover ...

Страница 494: ...he Configuration Advanced Deployments High Availability HA tab 2 Unplug a network cable from the bridge of one appliance Call it Appliance A 3 Unplug the power cord from Appliance A 4 Restore the parameters on the other appliance Appliance B by uploading a previously saved set of parameters on the System Maintenance Backup Restore page and clicking Restore Settings Completing this operation requir...

Страница 495: ...es that can interfere with high availability mode are The other appliance is not running The HA parameters on the two appliances are not identical The two appliances are not running the same software release The two appliances do not have the same model number Incorrect or incomplete cabling between the appliances does not allow the HA heartbeat to pass between them The HA Group Mode SSL Certifica...

Страница 496: ...00 and 2000 WANOP appliances with Windows Servers are based on the Citrix branch architecture which supports multiple virtual machines All branch appliances contain a SD WAN instance a management service instance and a Xen hypervisor In addition the SD WAN 1000 and 2000 appliances with Windows Server include a Windows Server instance which runs independently of the SD WAN WANOP instance As shown i...

Страница 497: ...indows server is deployed in a one armed configuration in the same local LAN in which you would deploy any other server In addition to the accelerated bridges and the Windows LAN port a management port connects to all virtual machines instances and the hypervisor The appliance has two modes two port mode and four port mode which determine how ports 1 3 and 1 4 are used The Citrix Compliance Regulat...

Страница 498: ... reset button restarts the appliance The LEDs provide critical information related to different parts of the appliance Power Fail Indicates the power supply unit has failed Information LED Indicates the following Status Description Continuously ON and red The appliance is overheated This might be a result of cable congestion Blinking red 1Hz Fan failure check for an inoperative fan Blinking red 0 ...

Страница 499: ...ce with Windows Server Figure 2 Citrix SD WAN 1000 appliance with Windows Server back panel The following components are visible on the back panel of a SD WAN 1000 appliance with Windows Server Cooling fan Single power supply rated at 200 watts 110 240 volts Accelerated pairs of Ethernet ports apA and apB which function as accelerated bridges RS 232 serial console port One AUX Ethernet port and on...

Страница 500: ...t port numbered 0 1 and named PRI primary The management port is used to connect directly to the appliance for system administration functions You can use this port for initial provisioning of WAN optimization and Windows Server Note The LOM port also operates as a management port Four 10 100 1000Base T copper Ethernet ports numbered 1 1 1 2 1 3 and 1 4 from left to right The four ports form two a...

Страница 501: ...for a future release Non maskable interrupt NMI button for use at the request of Technical Support to produce a core dump You must use a pen pencil or other pointed object to press this red button which is recessed to prevent unintentional activation Single power supply rated at 300 watts 100 240 volts ...

Страница 502: ... in the Windows Server as shown in the following table Front Panel SD WAN Instance Windows Server SD WAN 1000WS SD WAN 2000WS MGMT Blue 0 1 LOM PRI Primary Citrix PV Ethernet Adapter 0 0 1 AUX 0 2 AUX Aux Citrix PV Ethernet Adapter 1 0 2 apA LAN1 WCCP Green 1 1 apA 1 N A apA WAN1 1 2 apA 2 N A apB LAN2 1 3 apB 1 Double click the Desktop icon nic_mapping vbs to display the mapping apB WAN2 1 4 apB ...

Страница 503: ...erver Series Appliances Citrix NetScaler SD WAN 1000 with Windows Server series Citrix NetScaler SD WAN 2000 with Windows Server series AutoConfiguration Y Y SD WAN Plug In N Y Compression Y Y RPC over HTTPS Y Y SSL Compression Y Y TCP Acceleration Y Y Traffic Shaping Y Y Video Caching Y Y Windows File System Acceleration Y Y Windows Outlook Acceleration Y Y XenApp XenDesktop Acceleration Y Y Grou...

Страница 504: ...00 Acceleration Plug in CCUs N A 750 Hardware Specif ications Processor 4 Cores 4 Cores Total disk space 1x300 GB SSD and 1x1 TB HDD 1 x 600 GB SSD and 1X1 TB HDD SSD dedicated Compression history 123 GB for Disk Based Compression DBC 25 GB for video caching 225 GB for Disk Based Compression DBC 50 GB for video caching RAM 32 GB 24 GB Network Interfaces 2 pair with bypass 10 100 1000 2 GigE ports ...

Страница 505: ... Celsius 40 70 40 70 Allowed Relative Humidity 8 90 non condensing 5 95 Safety certifications CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe Electromagnetic and susceptibility certifications FCC Part 15 Class A CCC KCC NOM SASO CITC EAC DoC CE VCCI RCM FCC Part 15 Class A CCC KCC NO...

Страница 506: ...iance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration You can also connect the appliance to a computer through Ethernet port for initial configuration On SD WAN 1000 appliance with Windows Server this port is labeled as MGMT management port and on SD WAN 2000 appliance with Windows Server the port is labeled as PRI ...

Страница 507: ...Rack Mounting the Appliance Apr 09 2014 A SD WAN 1000 or 2000 appliance with Windows Server requires one rack unit Both are rack mount devices that can be installed into two post relay racks or four post EIA 310 server racks Verify that the rack is compatible with your appliance ...

Страница 508: ...erved p 508 https docs citrix com Rack Mounting an SD WAN 1000 Appliance with Windows Server Apr 09 2014 SD WAN 1000 appliance with Windows Server is not shipped with rails You can mount the appliance to the rack by using the front mounting ports ...

Страница 509: ...e the second inner rail T o attach the inner rails to the appliance 1 Position the right inner rail behind the ear bracket on the right side of the appliance 2 Align the holes on the rail with the corresponding holes on the side of the appliance 3 Attach the rail to the appliance with the provided screws 4 Repeat steps 1 through 3 to install the left inner rail on the left side of the appliance T ...

Страница 510: ...vely However on SD WAN 2000WS appliance with Windows Server these ports are labeled as 1 1 and 1 2 and 1 3 and 1 4 respectively Connecting the Ethernet Cables Ethernet cables connect your appliance to the network The type of cable you need depends on the type of port used to connect to the network Use a category 5e or category 6 Ethernet cable with a standard RJ 45 connector on a 10 100 1000BASE T...

Страница 511: ...nto the console port and attach the cable to it 2 Insert the RJ 45 connector at the other end of the cable into the serial port of the computer or terminal Connecting the Power Cable A SD WAN appliance has one power supply A separate ground cable is not required because the three prong plug provides grounding Provide power to the appliance by installing the power cord Connect the other end of the ...

Страница 512: ...ce T o switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port so that you can configure the appliance after it is switched on 2 Press the ON OFF toggle power switch on the appliance 3 On SD WAN 2000 appliance for Windows Server verify that the LCD on the front panel is backlit and the start message appears Caution Be aware of the location of the emergen...

Страница 513: ... network you must configure the appropriate IP addresses on the appliance to accelerate the network traffic To perform initial configuration Identify the prerequisites for the initial configuration Record various values required in the initial configuration procedure Configure the appliance by connecting it to the Ethernet port Perform additional configuration for Windows Assign management IP addres...

Страница 514: ... appliance You have chosen four IP addresses for management of the SD WAN appliance In the Worksheet record all IP addresses and other values you would use to configure the appliance Preferably print out the worksheet before you start the configuration process You should already have a SD WAN license key from Citrix sent in an email If you are using remote licensing you need the IP address of the ...

Страница 515: ...dress of the Management Service Netmask Management Subnet 255 255 0 0 Network mask for the management subnet Gateway Management Subnet None The default gateway IP address of the appliance Port Model 2 Port Select 2 port or 4 port depending on the model In 4 port mode Windows Server does not have access to ports 1 3 and 1 4 DNS Server None IP address of the DNS server Citrix recommends that you spe...

Страница 516: ... Confirm Password nsroot New password for access to the appliance Command Center Conf iguration Command Center IP Address None Optional IP address of the Command Center appliance with which you want to register this appliance More info Command Center Port 8443 Optional Port number of the Command Center appliance Registration Password None Password you want to use to register the SD WAN appliance L...

Страница 517: ...f the following procedure Note Make sure that you have physical access to the appliance T o conf igure the appliance by connecting a computer to the SD WAN appliance s Ethernet port 0 1 1 Set the Ethernet port address of a computer or other browser equipped device with an Ethernet port to 192 168 100 50 with a network mask of 255 255 0 0 On a Windows device this is done by changing the Internet Pr...

Страница 518: ... article ctx131110 To apply the license you can navigate to the SD WAN Conf iguration Appliance Settings Licensing page after completing the Configuration wizard 2 If you opt for a remote licensing server you must select a remote appliance model and provide the IP address of the licensing server in the Licensing Server Address field 19 In the WAN Link Definition section specify receive and send sp...

Страница 519: ...00 appliance with Windows Server for the apA accelerated bridge port WCCP and virtual inline installations connect a single accelerated bridge port to your WAN router Virtual inline installations require that you configure your router to forward WAN traffic to the appliance See Router Configuration WCCP installations require configuration of your router and the appliance See WCCP Mode ...

Страница 520: ... of the Windows instance from your Worksheet 2 Log on to the Windows instance with the following credentials Username Administrator Password password 3 Use interface AUX for Windows Server traffic This port has a Windows Device Description of Citrix PV Ethernet Adapter 1 0 2 Set it to use an IP address and network mask in the network that you chose for the Windows adapter 4 Enable Windows services...

Страница 521: ...o continue connecting to the management service 7 Log on to the shell prompt of the appliance with the following default credentials Password nsroot 8 At the logon prompt run the following command to open the Management Service Initial Network Address Configuration menu networkconfig 9 Type 1 and press Enter to select option 1 and specify a new management IP address for the management service 10 T...

Страница 522: ...In addition to pure forwarding modes the appliance has to account for additional types of connections including management connections to the GUI and the heartbeat signal that passes between members of a high availability pair For completeness these additional traffic modes are also listed in table below T able 1 How Ethernet and IP Addresses Determine the Mode Destination IP Address Destination Et...

Страница 523: ...s to operate as an active standby high availability pair If the primary appliance fails the secondary appliance takes over Additional traffic types are listed here for completeness Pass through traf f ic refers to any traffic that the appliance does not attempt to accelerate It is a traffic category not a forwarding mode Direct access where the appliance acts as an ordinary server or client The GU...

Страница 524: ...ions use only the bridged ports Some SD WAN units have only the motherboard ports In this case the two motherboard ports are bridged The appliance s user interface can be accessed by a VLAN or non VLAN network You can assign a VLAN to any of the appliance s bridged ports or motherboard ports for management purposes Figure 1 Ethernet Ports The ports are named as follows T able 1 Ethernet Port Names...

Страница 525: ... Address page The speed duplex settings are set on the Configuration Interface page Notes about parameters Disabled ports do not respond to any traffic The browser based UI can be enabled or disabled independently on all ports To secure the UI on ports with IP addresses select HTTPS instead of HTTP on the Configuration Administrator Interface Web Access page Inline mode works even if a bridge has n...

Страница 526: ...ypass feature is wired as if a cross over cable connected the two ports which is the correct behavior in properly wired installations Important Bypass installations must be tested Improper cabling might work in normal operation but not in bypass mode The Ethernet ports are tolerant of improper cabling and often silently adjust to it Bypass mode is hard wired and has no such adaptability Test inlin...

Страница 527: ...Citrix Systems Inc All rights reserved p 527 https docs citrix com Two units with multiple bridges can be used in a high availability pair Simply match up the bridges so that all links pass through both appliances ...

Страница 528: ... itself to other acceleration units This address is used internally for a variety of purposes and is most visible to users as the Partner Unit field on the Monitoring Optimization Connections page If no motherboard port is enabled the appliance uses the IP address of Accelerated Pair A The Primary port is used for Administration through the web based UI A back channel for group mode A back channel...

Страница 529: ...or example if one traffic stream passing through the accelerated bridge is addressed to 10 0 0 1 VLAN 100 and another is addressed to 10 0 0 1 VLAN 111 the appliance knows that these are two distinct destinations even though the two VLANs have the same IP address You can assign a VLAN to all some or none of the appliance s Ethernet ports If a VLAN is assigned to a port the management interfaces GUI...

Страница 530: ...de Accelerating All Traffic on a WAN Note Any TCP based traffic passing through both units is accelerated No address translation proxying or per site setup is required Inline mode is auto detecting and auto configuring Configuration is minimized with inline mode because your WAN router need not be aware of the appliance s existence Depending on your configuration inline mode s link down propagation ...

Страница 531: ...ay is closed the appliance s bridge ports are inaccessible If carrier is lost on one of the bridge ports the carrier is dropped on the other bridge port to ensure that the link down condition is propagated to the device on the other side of the appliance Units that monitor link state such as routers are thus notified of conditions on the other side of the bridge Link down propagation has two operat...

Страница 532: ...ting acceleration and it should be used when practical Because all the link traffic is flowing through the appliances the benefits of fair queuing and flow control prevent the link from being overrun In IP networks the bottleneck gateway determines the queuing behavior for the entire link By becoming the bottleneck gateway the appliance gains control of the link and can manage it intelligently This is...

Страница 533: ... can install the appliance on a branch network that includes only those systems This is shown in the following figure Figure 1 Inline Mode Accelerating Selected Systems Only SD WAN traffic shaping relies on controlling the entire link so traffic shaping is not effective with this topology because the appliance sees only a portion of link traffic Latency control is up to the bottleneck gateway and int...

Страница 534: ...p 534 https docs citrix com Configuring and Troubleshooting Inline Mode Dec 26 2012 Inline mode requires only basic configuration because it is applied automatically to any packets passing through the accelerated bridge Troubleshooting is described under ...

Страница 535: ...modes WCCP is the original SD WAN WANOP WCCP offering supported since release 3 x It supports a single appliance service group no clustering WCCP clustering introduced in release 7 2 allows your router to load balance traffic between multiple appliances The physical mode for WCCP deployment of a SD WAN WANOP appliance is one arm mode in which the SD WAN appliance is connected directly to a dedicat...

Страница 536: ...t contacts the router over the WCCP control channel UDP port 2048 and the appliance and router exchange information with packets named Here_I_Am and I_See_You respectively By default this process is repeated every ten seconds If the router fails to receive a message from the appliance for three of these intervals it considers the appliance to have failed and stops forwarding traffic to it until con...

Страница 537: ...e becomes inactive WCCP clustering allows multiple appliances per service group The following figure shows a simple WCCP deployment suitable for either L2 or GRE The traffic port 1 1 is connected directly to a dedicated router port Gig 4 12 Figure 3 Simple WCCP deployment In this example the SD WAN WANOP 4000 5000 is deployed in one arm mode with the traffic port 1 1 and the management port 0 1 eac...

Страница 538: ...iances with more than one accelerated pair all the traffic for a given WCCP service group must arrive on the same accelerated pair Do not mix inline and WCCP traffic on the same appliance The appliance does not enforce this guideline but violating it can cause difficulties with acceleration WCCP and virtual inline modes can be mixed but only if the WCCP and virtual inline traffic are coming from d...

Страница 539: ...nd substantial LAN to LAN traffic sending all traffic to the appliance can overload its LAN segment and burden the appliance with this unnecessary load If GRE is used the unnecessary traffic can load down the router as well On some routers the redirect in path is faster and puts less of a load on the router s CPU than does the redirect out path If necessary this can be determined by direct experiment...

Страница 540: ...Path Forwarding is enabled with an ip verify unicast source reachable statement delete or comment out the statement ip verify unicast source reachable via any Repeat on all ports ip wccp 51 redirect out ip wccp 51 redirect in ip wccp 52 redirect out ip wccp 52 redirect in If the appliance is inline with one of the router interfaces NOT SUPPORTED add the following line for that interface to prevent...

Страница 541: ...direct in The following line is needed only on the interface facing the other router if there is another router participating in this service group ip wccp 51 group listen If the appliance is inline with one of the router interfaces which is supported but not recommended add the following line for that interface to prevent loops ip wccp redirect exclude in Z ...

Страница 542: ...ult interface apA Protocol TCP WCCP Priority 0 Router Communication Unicast Password blank and Time to Live 1 values usually do not have to be changed for the first service group that you create but if they do type new values in the fields provided 6 In the Router Addressing field if you are using unicast or the Multicast Address field if you are using multicast type the router s IP address Use th...

Страница 543: ...ct For an incompatibility an alert announces that the router has incompatible router forwarding For Router Assignment The default is Hash When Auto is selected the mode is negotiated with the router All routers in a service group must support the same assignment method Hash or Mask For any service group if this attribute is configured as Auto the appliance selects Hash or Mask when the first route...

Страница 544: ... Performance Logging page shows a new entry each time WCCP mode is established or lost Figure 1 WCCP Log Entries format varies somewhat with release Router Status On the router the show ip wccp command shows the status of the WCCP link Router enable Password Router show ip wccp Global WCCP information Router information Router Identifier 172 16 2 4 Protocol Version 2 0 Service Identifier 51 Number...

Страница 545: ...o 32 appliances in a fault tolerant load balanced array called a cluster In the example below three identical appliances same model same software version are cabled identically and configured identically except for their IP addresses Appliances using the same service groups with the same router can become a load balanced WCCP cluster When a new appliance registers itself with the router it can join...

Страница 546: ...ng uses the mask method only using a mask of 1 6 bits of the 32 bit IP address These address bits can be non consecutive All addresses yielding the same result when masked are sent to the same appliance Load balancing effectiveness depends on choosing an appropriate mask value a poor mask choice can result in poor load balancing or even none with all traffic sent to a single appliance ...

Страница 547: ...however the WCCP cluster should continue to operate without becoming overloaded if one appliance fails That can be accomplished by using three appliances when the calculations call for two This is called the N 1 rule Failure is an unusual event so usually all three appliances are in operation In this case each appliance is supporting only 67 Mbps and 250 users leaving plenty of headroom and making...

Страница 548: ... groups are supported All routers using the same service group pair must support the same forwarding method GRE or L2 The forwarding and return method negotiated with the router must match both must be GRE or both must be L2 Some routers do not support L2 in both directions resulting in an error of Router s forward or return or assignment capability mismatch In this case the service group must be ...

Страница 549: ...ights reserved p 549 https docs citrix com Planning Your Deployment Jan 30 2014 Deploying appliances in a WCCP cluster requires more planning than does deploying a single appliance Read the following sections carefully before proceeding ...

Страница 550: ...nstead of WCCP clustering since the equation builds in a spare appliance In other words WCCP clustering is not necessary from a capacity perspective unless appliances is 3 or more Example Suppose you have 700 users and a 100 Mbps link Some appliances you might consider are the SD WAN 2000 050 the SD WAN 3000 100 and the SD WAN 4000 310 Model Optimized WAN Capacity Maximum HDX Sessions Appliances_b...

Страница 551: ...ive or more caches some caches are idle because each bucket is assigned to only one cache and there are not enough buckets to cover all five caches Cache 1 2 3 4 5 Buckets 0 1 2 3 If there are more buckets than caches some caches are assigned multiple buckets For example if you set three mask bits creating eight buckets and you have four caches two buckets are assigned to each cache If you have fi...

Страница 552: ...ppliances the address mask must contain at least three one bits The one bits in the address mask must each be inside the active address range for most of your remote subnets or they skew the load balancing distribution The mask should split the address range of individual remote sites into as few pieces as possible for best compression performance If a remote appliance is faster than the local mem...

Страница 553: ...ch appliance gets its fair share of bucket with the lowest numbered bucket being assigned to the appliance with the lowest IP address If there are more appliances than buckets the leftover appliances with no bucket assigned to them are the ones with the highest numbered IP addresses This deterministic assignment allows traffic to arrive for a single connection through any of the routers in the serv...

Страница 554: ...ight come online within the same ten second window or they might arrive over multiple ten second windows causing traffic to be reapportioned multiple times before it stabilizes In the latter case the appliances that come online first maycan become overloaded until additional appliances come online An accelerated connection fails when allocated to a different appliance making reallocation disruptive ...

Страница 555: ...e Uspec From data sheet XenApp and XenDesktop Users on WAN Link Uwan User overload Factor Uoverload Uwan Uspec Supported BW Per Appliance BWspec From data sheet WAN Link BW BWwan BW Overload Factor BWoverload BWwan BWspec Number of appliances required N max Uoverload BWoverload 1 Includes one spare Min number of buckets Bmin N rounded up a power of 2 If SD WAN 4000 or 5000 Bmin 2 N rounded up to a...

Страница 556: ...rk field perhaps only two or three bits If this is the case with your network instead of masking bits in the offending area of the subnet field displace those bits to a portion of the host address field that has the 50 50 property For example if only three subnet bits in a 24 subnet have the 50 50 property and you are using four mask bits a mask of 0x00 00 07 10 avoids the offending bit at 0x00 00 08...

Страница 557: ...er you have finalized the deployment topology considered all limitations and filled in the deployment worksheet you are ready to deploy your appliances in a WCCP cluster To configure the WCCP cluster you need to perform the following tasks Configuring the NetScaler Instances Configuring the Router Configuring the Appliance ...

Страница 558: ...router This procedure assumes Cisco routers but is similar on other routers It uses the first of the two methods discussed above of redirecting WCCP traffic with an ip wccp redirect in statement on both LAN and WAN ports 1 Fill in the WCCP clustering Deployment Worksheet 2 Log on to your router 3 In the global declarations section declare each service group on the WCCP clustering worksheet listed ...

Страница 559: ...with an ip wccp 62 redirect in statement Similarly if the router used multiple ports for WAN traffic each port is configured with an ip wccp 61 redirect in statement If multiple routers shared the same WCCP cluster they use the same service groups It is also possible to use ip wccp redirect statements on only the WAN interfaces Example for WCCP clustering using WCCP redirect in out statements on W...

Страница 560: ...ter is configured to require a password enter the password in the Service Group Password field Otherwise leave the field blank 13 In the Router Communications Details section enter the IP address of the router T8 on your worksheet often identical to T1 as well This is the IP address of the appliance facing router interface If you use multiple routers to communicate with the appliance list them all...

Страница 561: ...ignment You must refresh the page manually to monitor changes in status If the appliance does not reach the status of 25 has assignment within a timeout period other informative status messages are displayed Additional information is displayed when you click on the Service Group or the Routers tabs T he Cluster Summary tab displays information about the WCCP cluster as a whole As a side effect of ...

Страница 562: ...ealth checking making troubleshooting difficult WCCP is thus the recommended mode and virtual inline is recommended only when inline and WCCP modes are both impractical The following figure shows a simple network in which all traffic destined for or received from the remote site is redirected to the appliance In this example both the local site and remote site use virtual inline mode Figure 1 Virtual...

Страница 563: ...re a single appliance each gets its own traffic back but not the traffic from the other router This mode also works with a single router Send to Gateway not recommended In this mode virtual inline output packets are forwarded to the default gateway for delivery even if they are destined for hosts on the local subnet This option is usually less desirable than the Return to Ethernet Sender option beca...

Страница 564: ... WAN traffic passes through the appliance Note When considering routing options keep in mind that returning data not just outgoing data must flow through the appliance For example placing the appliance on the local subnet and designating it as the default router for local systems does not work in a virtual inline deployment Outgoing data would flow through the appliance but incoming data would byp...

Страница 565: ...process Original configuration is in normal type appliance specific configuration is in bold ip cef interface FastEthernet0 0 ip address 10 10 10 5 255 255 255 0 ip policy route map client_side_map interface FastEthernet0 1 ip address 172 68 1 5 255 255 255 0 ip policy route map wan_side_map interface FastEthernet1 0 ip address 192 168 1 5 255 255 255 0 ip classless ip route 0 0 0 0 0 0 0 0 171 68...

Страница 566: ... next hop 192 168 2 200 route map client_side_map permit 10 match ip address client_side set ip next hop 192 168 2 200 _ Each of the above examples applies an access list to a route map and attaches the route map to an interface The access lists identify all traffic originating at one accelerated site and terminating at the other A source IP of 10 10 10 0 24 and destination of 20 20 20 0 24 or vice...

Страница 567: ... 1999 2017 Citrix Systems Inc All rights reserved p 567 https docs citrix com wildcard mask in binary 1 is considered a don t care bit ...

Страница 568: ...ves the asymmetric routing problem by using the router configuration to send all WAN traffic through the appliance regardless of the WAN link used The below figure shows a simple multiple WAN link deployment example The two local side routers redirect traffic to the local appliance The FE 0 0 ports for both routers are in the same broadcast domain as the appliance The local appliance must use the defa...

Страница 569: ...deployment In virtual inline mode a pair of appliances acts as one virtual appliance Router configuration is the same for an HA pair as with a single appliance except that the Virtual IP address of the HA pair not the IP address of an individual appliance is used in the router configuration tables In this example the local appliances must use default virtual inline configuration Return to Ethernet Se...

Страница 570: ...arding failures are typically caused by errors in router configuration If the Monitoring Usage or Monitoring Connections pages show that traffic is being forwarded but no acceleration is taking place assuming that an appliance is already installed on the other end of the WAN link check to make sure that both incoming WAN traffic and outgoing WAN traffic are being forwarded to the appliance If only one...

Страница 571: ... or 5000 appliances Group mode applies only to the appliances on one side of the WAN link the local appliances neither know nor care whether the remote appliances are using group mode Group mode uses a heartbeat mechanism to verify that other members of the group are active Packets are forwarded to active group members only Avoiding asymmetric routing is the main reason to use group mode but group...

Страница 572: ...t use a single appliance The alternatives are WCCP mode in which traffic from two or more links is sent to the same appliance by WAN routers by means of the WCCP protocol Virtual inline mode in which your routers send traffic from two or more links through the same appliance or high availability pair Multiple bridges where each link passes through a different accelerated bridge in the same applian...

Страница 573: ...rs forwarding decisions Figure 1 Sending side Traffic in Group Mode Figure 2 Receiving side traffic flow in group mode Group mode has two user selectable failure modes which control how the group members interact with each other if one of them fails The failure mode also determines whether the failed appliance s bypass card opens blocking traffic through the appliance or remains closed allowing tra...

Страница 574: ...lability pair the first cell in the HA Secondary SSL Common Name is blank If the other group member is a high availability pair specify the SSL Common Name of the HA secondary appliance in the HA Secondary SSL Common Name column 4 Click Add 5 Repeat steps 2 4 for any additional appliances or high availability pairs in the group 6 The three buttons under the list of group members are toggles so eac...

Страница 575: ...the connection it is accelerated and forwarded normally If it arrives first at a different appliance in the group it is forwarded to its owner over a GRE tunnel which accelerates it and returns it to the original appliance for forwarding Thus group mode leaves the router s link selection unchanged Using explicit IP based forwarding rules can reduce the amount of group mode forwarding This is especi...

Страница 576: ...he appliance on the primary link If the primary WAN link fails but the primary appliance does not the WAN router fails over and sends traffic over the secondary link The appliance on the secondary link forwards traffic to the primary link appliance and acceleration continues undisturbed This configuration maintains accelerated connections after the link failover Figure 2 Forwarding Rules ...

Страница 577: ...installation That the two appliances have entered group mode which can be determined on either appliance s Configuration Advanced Deployments Group Mode page That the behavior of the group mode pair is as desired when the other member fails and when one of the links fail as determined by disabling the other appliance and temporarily disconnecting one of the links respectively ...

Страница 578: ... pair The appliances each monitor the other s status by using the standard Virtual Router Redundancy Protocol VRRP heartbeat mechanism The pair has a common virtual IP address for management in addition to each appliance s management IP address If the primary appliance fails the secondary appliance takes over Failover takes approximately five seconds High availability mode is a standard feature ...

Страница 579: ...d during power outages at least one appliance must be attached to a backup power source Note The secondary appliance in the HA pair has one of its bridge ports port apA 1 disabled to prevent forwarding loops If the appliance has dual bridges apB 1 is also disabled In a one arm installation use port apA 2 Otherwise the secondary appliance becomes inaccessible when HA is enabled Primary secondary as...

Страница 580: ...s is depicted only in the middle diagram Figure 1 Cabling for High Availability Pairs Do not break the above topology with additional switches Random switch arrangements are not supported Each of the switches must be either a single monolithic switch a single logical switch or part of the same chassis If the spanning tree protocol STP is enabled on the router or switch ports attached to the applia...

Страница 581: ...e following criteria Have identical hardware as shown by on the System Hardware entry on the Dashboard page Run exactly the same software release Be equipped with Ethernet bypass cards To determine what is installed in your appliances see the Dashboard page Appliances that do not support HA display a warning on the Configuration High Availability page ...

Страница 582: ... IP VIP address which enables you to manage the two appliances as if they were a single unit After you enable high availability mode managing the secondary appliance through its IP address is mostly disabled with most parameters grayed out A warning message displays the reason on every page Use the HA VIP for all management tasks You can however disable the secondary appliance s HA state from its ...

Страница 583: ... to the pair Although the value defaults to zero the valid range of VRRP ID numbers is 1 through 255 Within this range you can specify any value that does not belong to another VRRP device on your network 8 In the Partner SSL Common Name field type the other appliance s SSL Common Name which is displayed on that appliance s Configuration Advanced Deployments High Availability tab in the Partner SS...

Страница 584: ... On the secondary appliance update the software and reboot After the reboot the appliance is still the secondary Verify that the installation succeeded The primary appliance should show that the secondary appliance exists but that automatic parameter synchronization is not working due to a version mismatch 3 On the primary appliance update the software and then reboot The reboot causes a failover ...

Страница 585: ...he Configuration Advanced Deployments High Availability HA tab 2 Unplug a network cable from the bridge of one appliance Call it Appliance A 3 Unplug the power cord from Appliance A 4 Restore the parameters on the other appliance Appliance B by uploading a previously saved set of parameters on the System Maintenance Backup Restore page and clicking Restore Settings Completing this operation requir...

Страница 586: ...es that can interfere with high availability mode are The other appliance is not running The HA parameters on the two appliances are not identical The two appliances are not running the same software release The two appliances do not have the same model number Incorrect or incomplete cabling between the appliances does not allow the HA heartbeat to pass between them The HA Group Mode SSL Certifica...

Страница 587: ...A single SD WAN WANOP 4000 5000 appliance can support WAN speeds of up to 2 Gbps and up to 5000 XenApp XenDesktop users For datacenters needing even more performance multiple SD WAN WANOP 4000 5000 appliances can be deployed as a load balanced array using the WCCP clustering feature Figure 2 Load balancing multiple SD WAN WANOP 4000 5000 appliances SD WAN WANOP 4000 5000 is recommended at the hub ...

Страница 588: ...ration interface for the appliance and provides access to key operating and monitoring elements of the appliance The management service displays SD WAN parameters as if they were from a single accelerator and all changes made through this interface are applied to all the accelerator instances The Xen hypervisor hosts all the virtual machines The hypervisor is not user configurable and should not be...

Страница 589: ...n the Private Traf fic Subnet The one arm connection between the NetScaler instance and the accelerators uses the SD WAN virtual inline mode in which the NetScaler instance routes packets to the accelerators and the accelerators route them back to the NetScaler instance Traffic flow over this internal traffic subnet is identical regardless of whether the mode visible to the outside world on the extern...

Страница 590: ...troducing a point of network failure The accelerated bridges support either 1 Gbps or 10 Gbps data rates Ethernet and SFP interfaces are supported depending on model One arm deployment One arm deployments are also supported using WCCP or virtual inline modes With such deployments a SD WAN 4000 5000 traffic port is usually connected directly to a port on the WAN router The other port on the bridged ...

Страница 591: ...ed in both directions For good performance a SD WAN 4000 5000 must have a LAN interface that is much faster than the WAN When the appliance is connected directly to the router in a one arm mode use a 10 Gbps router port Note The 10 Gbps ports support 10 Gbps only They do not negotiate lower speeds Use the 1 Gbps ports for 1 Gbps networks A SD WAN 4000 5000 appliance has at least two non accelerate...

Страница 592: ...000 appliances have the following ports 10 100Base T copper Ethernet Port RJ45 also called LOM port You can use this port to remotely monitor and manage the appliance independently of the appliance s software Note The LEDs on the LOM port are not operational by design RS232 serial console port Two 10 100 1000Base T copper Ethernet management ports RJ45 These ports are used to connect directly to t...

Страница 593: ... 1 TB removable hard disk drive Power switch which turns off power to the appliance just as if you were to unplug the power supply Press the switch for five seconds to turn off the power Disable alarm button This button is functional only when the appliance has two power supplies Press this button to stop the power alarm from sounding when you have plugged the appliance into only one power outlet ...

Страница 594: ... can use this port to remotely monitor and manage the appliance independently of the appliance s software Note The LEDs on the LOM port are not operational by design RS232 serial console port Two 10 100 1000Base T copper Ethernet management ports RJ45 These ports are used to connect directly to the appliance for system administration functions Eight 10G ports The following figure shows the back pan...

Страница 595: ... A 1 TB removable hard disk drive Disable alarm button This button is functional only when the appliance has two power supplies Press this button to stop the power alarm from sounding when you have plugged the appliance into only one power outlet or when one power supply is malfunctioning and you want to continue operating the appliance until it is repaired Dual power supplies either AC or DC each...

Страница 596: ...le units FRU are components that can be quickly and easily removed from the appliance and replaced by the user or a technician at the user s site The FRUs in a Citrix SD WAN 4000 5000 appliance can include DC or AC power supplies and solid state and hard disk drives Note By default the appliance ships with AC power supplies DC power supply is orderable ...

Страница 597: ...nal RED Power supply failure Make sure that the appliance has a direct physical connection to earth ground during normal use When installing or repairing an appliance always connect the ground circuit first and disconnect it last Always unplug any appliance before performing repairs or upgrades Never touch a power supply when the power cord is plugged in As long as the power cord is plugged in lin...

Страница 598: ...shutting down the appliance provided the other power supply is working T o install or replace a DC power supply on a Citrix SD WAN 4000 5000 appliance 1 Loosen the thumbscrew and press the lever towards the handle and pull out the existing power supply as shown in the following figure Figure 3 Removing the Existing DC Power Supply 2 Carefully remove the new power supply from its box 3 On the back ...

Страница 599: ...emoving the Existing Solid State Drive 3 Verify that the replacement SSD is the correct type for the platform 4 Pick up the new SSD open the drive handle fully to the left or up and insert the drive into the slot as far as possible To seat the drive close the handle flush with the rear of the appliance so that the drive locks securely into the slot Important When you insert the drive make sure tha...

Страница 600: ...by pushing the safety latch of the drive cover to the right or down depending on the platform while pulling out on the drive handle to disengage Pull out the faulty drive Figure 1 Removing the Existing Hard Disk Drive 4 Pick up the new disk drive open the drive handle fully to the left and insert the new drive into the slot as far as possible To seat the drive close the handle flush with the rear ...

Страница 601: ...trix SD WAN 5000 series AutoConfiguration N N SD WAN Connector Y Y SD WAN Plug In Y Y Compression Y Y RPC over HTTPS Y Y SSL Compression Y Y TCP Acceleration Y Y Traffic Shaping Y Y Video Caching N N Windows File System Acceleration Y Y Windows Outlook Acceleration Y Y XenApp XenDesktop Acceleration Y Y Group Mode Mode N N High Availability Mode Y Y Inline Mode Y Y Virtual Inline Mode Y Y WCCP Mod...

Страница 602: ...sessions 750 1 200 2 500 3 500 5 000 Total sessions 40 000 60 000 120 000 20 000 160 000 Acceleration Plug in CCUs 1 100 1 800 3 000 3 600 4 800 Hardware Specifications Processor Dual Intel E5645 Dual Intel E5645 Dual Intel E5645 Dual Intel X5680 Dual Intel X5680 Total disk space 3 2 TB 3 2 TB 3 2 TB 4 2 TB 4 2 TB SSD dedicated compression history 2 TB 2 TB 2 TB 3 TB 3 TB HDD 1 TB 1 TB 1 TB 1 TB 1 ...

Страница 603: ...ckets System depth 25 4 64 5 cm 25 4 64 5 cm 25 4 64 5 cm 25 4 64 5 cm 25 4 64 5 cm System weight 46 lbs 20 9 kg 46 lbs 20 9 kg 46 lbs 20 9 kg 49 lbs 22 2 kg 49 lbs 22 2 kg Shipping dimensions and weight 37 x 24 by 11 59 lbs 94 x 61 x 28 cm 26 8 kg 37 x 24 by 11 59 lbs 94 x 61 x 28 cm 26 8 kg 37 x 24 by 11 59 lbs 94 x 61 x 28 cm 26 8 kg 37 x 24 by 11 61 lbs 94 x 61 x 28 cm 27 7 kg 37 x 24 by 11 61...

Страница 604: ...5 95 non condensing 5 95 non condensing 5 95 non condensing 5 95 non condensing 5 95 non condensing Safety certifications UL TUV C UL TUV C UL TUV C UL TUV C UL TUV C Electromagnetic emissions certifications and susceptibility standards FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS ...

Страница 605: ...ess http 192 168 1 3 2 In the User Name box type nsroot 3 In the Password box type nsroot You can use the Intelligent Platform Management Interface IPMI also known as the Lights Out Management LOM port to remotely monitor and manage the appliance independently of the NetScaler software For initial configuration of the lights out management LOM port connect to the port s default IP address and chang...

Страница 606: ... view the health information about the appliance All system sensor information such as system temperature CPU temperature status of fan and power supplies appears on the sensor readings page T o obtain health monitoring inf ormation 1 In a web browser type the IP address of the LOM port 2 In the User Name and Password boxes type the administrator credentials 3 In the Menu bar click System Health 4...

Страница 607: ...tisfied that your appliance has been delivered to your expectations verify that the location where the appliance will be installed meets temperature and power requirements and that the server cabinet or floor to ceiling cabinet is securely bolted to the floor and has sufficient airflow Only trained and qualified personnel should install maintain or replace the appliance and efforts should be taken to en...

Страница 608: ...o power cables One fiber patch cable One standard 4 post rail kit Note If the kit that you received does not fit your rack contact your Citrix sales representative to order the appropriate kit In addition to the items included in the box with your new appliance you will need the following items to complete the installation and initial configuration process Ethernet cables for each additional Ether...

Страница 609: ...nt and a dust free environment Power density Wiring capable of handling at least 4 000 watts per rack unit in addition to power needs for the CRAC The rack on which you install your appliance should meet the following criteria Rack characteristics Racks should be either integrated into a purpose designed server cabinet or be the floor to ceiling type bolted down at both top and bottom to ensure st...

Страница 610: ...nstalling or repairing an appliance always make sure that the ground circuit is connected first and disconnected last Make sure that a fuse or circuit breaker no larger than 120 VAC 15 A U S 240 VAC 16 A international is used on all current carrying conductors on the power system to which your appliances are connected Do not work alone when working with high voltage components Always disconnect th...

Страница 611: ...he room Therefore consider the lowest and highest operating temperatures of the equipment when making a decision about where to install the appliance in the rack Make sure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them For a single rack installation attach a stabilizer to the rack For a multiple rack installation c...

Страница 612: ...tal standards and the server rack is in place according to the instructions you are ready to install the hardware After you mount the appliance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration To complete the installation you turn on the appliance Be sure to observe the cautions and warnings listed with the installa...

Страница 613: ... instructions for threaded round hole racks To mount the appliance you must first install the rails and then install the appliance in the rack Perform the following tasks to mount the appliance Remove the inner rails from the rail assembly Attach the inner rails to the appliance Install the rack rails on the rack Install the appliance in the rack To remove the inner rails from the rail assembly 1 P...

Страница 614: ...ock the rear rail flange into the rack With the screw securing the rail in place you can optionally remove the latching spring Figure 4 Installing the Rail Assembly to the Rack To install the appliance in the rack 1 Align the inner rails attached to the appliance with the rack rails 2 Slide the appliance into the rack rails keeping the pressure even on both sides 3 Verify that the appliance is loc...

Страница 615: ...face of the transceiver To install a 1G SFP transceiver 1 Remove the 1G SFP transceiver carefully from its box Danger Do not look directly into fiber optic transceivers or cables They emit laser beams that can damage your eyes 2 Align the 1G SFP transceiver to the front of the 1G SFP transceiver port on the front panel of the appliance as shown in the following figure Note The illustration in the ...

Страница 616: ...e connector or the optical interface of the transceiver To install a 10G SFP transceiver 1 Remove the 10G SFP transceiver carefully from its box Danger Do not look directly into fiber optic transceivers and cables They emit laser beams that can damage your eyes 2 Align the 10G SFP transceiver to the front of the 10G SFP transceiver port on the front panel of the appliance 3 Hold the 10G SFP transc...

Страница 617: ...2 or later or The appliance was shipped from the factory with release 7 2 1 or earlier but you upgrade it to 7 2 2 or later and change the default loopback in the management service on System Configuration System Configure Loopback Settings Note If you decide to eliminate the need to use loopback cable the ports 10 3 and 10 4 are still reserved These ports are not available for WAN optimization Fi...

Страница 618: ...e other end into the target device such as a router or switch 3 Verify that the LED glows amber when the connection is established Connecting the Console Cable You can use the console cable to connect your appliance to a computer or terminal from which you can configure the appliance Before connecting the console cable configure the computer or terminal to support VT100 terminal emulation 9600 bau...

Страница 619: ...ollowing figure Figure 3 Inserting a power cable 2 Connect the other end of the power cable to a standard 110V 220V power outlet 3 Repeat steps 1 and 2 to connect the second power supply Note The appliance emits a high pitched alert if one power supply fails or if you connect only one power cable to the appliance To silence the alarm you can press the small red button located on the back panel of ...

Страница 620: ...outlet for a different circuit than the first After verifying the connections you are ready to switch on the appliance To switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port This will ensure that you can configure the appliance after it is switched on 2 Press the ON OFF toggle power switch on the back panel of the appliance Caution Be aware of the lo...

Страница 621: ...000 5000 deployments require adequate planning especially for units deployed in large datacenters An appropriate appliance or group of appliances must be selected to support both the current and anticipated load A deployment mode must be selected to match the requirements of your site Other aspects must also be considered ...

Страница 622: ...pliance runs short of resources Never overcommit any SD WAN appliance especially in the datacenter Provision your datacenter to easily accommodate peak loads Provide enough capacity for expected expansion over the life of the deployment SD WAN 4000 5000 appliances using the same hardware platform can have their capacity upgraded with a new license as part of the Citrix pay as you grow program SD W...

Страница 623: ... SD WAN 4000 5000 is placed between your LAN and your WAN router or other aggregation point at the LAN WAN boundary In a one arm mode SD WAN 4000 5000 is generally connected directly to a dedicated port on your WAN router In cases where the WAN router ports are not as fast as the LAN for example when the WAN router has gigabit Ethernet but the LAN has10 gigabit Ethernet inline mode provides better...

Страница 624: ...00 appliance Inline mode is convenient for smaller WAN networks and simpler datacenters It is most commonly used with the SD WAN 4000 5000 310 and 500 and more rarely with the larger appliances Cascaded installations should use WCCP Note Only WCCP mode with a single router is currently documented ...

Страница 625: ...ains the management IP address of the remote SD WAN This method is used for connections from remote SD WAN appliances and remote SD WAN Plug ins Other connections Incoming non accelerated connections and all outgoing connections are also distributed among the accelerators according to the least connection method but since they do not contain an AgentID field they cannot use AgentID persistence Inst...

Страница 626: ...7 Citrix Systems Inc All rights reserved p 626 https docs citrix com dealing with overloaded instances can be changed from assigning connections to a difference instance to passing them through as unaccelerated ...

Страница 627: ...ifferent categories accelerated and non accelerated is probably sufficient and only the largest remote sites need to be considered individually 5 Determined whether there are multiple datacenters with datacenter to datacenter traffic and whether any remote datacenters have a SD WAN 4000 5000 appliance 6 Decided whether you plan to increase WAN capacity the number of sites or the number of users in...

Страница 628: ...oy the appliance on the network you must configure the appropriate IP addresses on the appliance to accelerate the network traffic Initial configuration consists of the following tasks Identify the prerequisites for the initial configuration Record various values required in the initial configuration procedure Configure the appliance by connecting it to the Ethernet port Assign management IP address...

Страница 629: ... than those recommended for SD WAN 4000 and 5000 appliances License File The number of accelerator appliances depend on the hardware platform and the type of license you apply to the appliance The following list displays the number of accelerators that gets provisioned automatically by the Configuration Wizard Model 310 Two Model 500 Three Models 1000 and 1500 Six Model 2000 Eight Before you start...

Страница 630: ...subnet must be specified along with the correct subnet mask The following figure is a worksheet for these parameters It supports inline and WCCP modes with and without HA The table below the figure describes what each entry means Figure 1 Deployment worksheet Table 1 Deployment Worksheet Parameters Parameter Example Your Value Description Management Subnet M2 Gateway IP address 10 199 79 254 Default ...

Страница 631: ...ID of GRE router T9 Traffic Port 10 1 Port used for accelerated traffic T10 Inline Additional Traffic Port Other traffic port in pair T11 T12 WCCP Service Groups TCP UDP 71 72 Service groups used by accelerator 1 for WCCP First is for TCP traffic second is for UDP T13 T14 Not used T15 T16 Inline Ports used by link 2 10 5 10 6 If multiple links are used with inline mode these ports are used for lin...

Страница 632: ... you start configuring the appliance you must change the IP address of the management service to the one in your management network so that you can access the appliance over the network You can change the management IP address by connecting a computer to the appliance through either the Ethernet port or the serial console ...

Страница 633: ...255 0 0 On a Windows device this is done by changing the Internet Protocol Version 4 properties of the LAN connection as shown below You can leave the gateway and DNS server fields blank 2 Using an Ethernet cable connect this computer to the port labeled PRI on the SD WAN appliance 3 Switch on the appliance Using the web browser on the computer access the appliance by using the default management ...

Страница 634: ...l rights reserved p 634 https docs citrix com browser you are using 14 Log on to the appliance by using the nsroot user name and the password from your worksheet 15 To complete the configuration process see Provisioning the Appliance ...

Страница 635: ...e appliance ssh 169 254 0 10 6 Enter Yes to continue connecting to the management service 7 Log on to the shell prompt of the appliance with the following default credentials Password nsroot 8 At the logon prompt run the following command to open the Management Service Initial Network Address Configuration menu networkconfig 9 Type 1 and press Enter to select option 1 and specify a new management ...

Страница 636: ...lick Logout clear your browser cache close your browser and open it again To configure the appliance by using the configuration wizard 1 On the Welcome page click Get Started Note All pages after the Get Started page have a heading that says Deployment Mode Inline L2 Mode but this wizard is used for all deployment modes 2 Follow these steps to configure a fully 7 3 compliant system Acquire the fol...

Страница 637: ...ount If the password is not changed it remains set to nsroot the default Figure 1 Sample Values for the Fields in Management Access Settings Page of the Configuration 4 Check your settings and click Continue 5 In the Manage Licenses section see if an appropriate license is already listed in the Name field If so select it and skip to step 8 6 Click Upload in the Update Licenses section 7 Navigate t...

Страница 638: ...nfiguration section from list T7 in your worksheet as shown in the following figure This subnet will be added as a local LAN subnet in the accelerator If you have more than one LAN subnet you can add them to the LAN link definition in the Accelerator GUI after the configuration wizard completes Click Add to add the subnet Figure 5 Link Configuration Is at the Bottom of This Page 12 Log off and the...

Страница 639: ...ll of the following modes are recommended at this time they are all supported WCCP mode with a single router WCCP mode with a single router and high availability Cascade of two or more appliances in WCCP mode along with a NetScaler MPX Appliance Cascade of two or more appliances in WCCP mode along with a NetScaler MPX Appliance in HA Inline mode Inline mode in HA Virtual inline mode Virtual inline...

Страница 640: ...r Virtual inline mode provides a solution for asymmetric routing issues faced in a deployment with two or more WAN links Note Citrix recommends that you do not deploy SD WAN appliances in virtual inline mode with routers that do not support health monitoring The tasks for configuring virtual inline mode are performed on the router On the SD WAN appliance just verify that the software version suppor...

Страница 641: ...erent subnets For example you can deploy the appliance in one arm mode for managing the Repeater instances with the NetScaler and local Repeater instances connected by the internal private subnet A NetScaler owned subnet IP address SNIP is used to communicate with an accelerator instance You must enable MAC Based Forwarding MBF Use Subnet IP address USNIP and Return To Ethernet Sender options on t...

Страница 642: ...ployed in virtual inline mode with one router and one link If you are deploying a SD WAN appliance in virtual inline mode with one router and one link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router ...

Страница 643: ...l inline mode with two routers and one link If you are deploying a SD WAN appliance in virtual inline mode with two routers and a single link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router both routers individually ...

Страница 644: ... SD WAN appliance in virtual inline mode with two routers and a single link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure Layer 4 Parameters only if you expect connection migration between routers Configuring VLANs for Connection Migration Configure a Router both...

Страница 645: ...n high availability setup and one link If you are deploying a SD WAN appliance in virtual inline mode with two routers and a single link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router both routers individually Configure Routers in High Availability Setup ...

Страница 646: ...et M2 Gateway IP address 10 199 79 254 Default gateway serving the management subnet M3 Subnet Mask 255 255 255 128 Subnet mask for the management subnet M4 Xen Hypervisor IP address 10 199 79 225 IP address of Xen Hypervisor M5 Service VM IP address 10 199 79 226 IP address of Management Service VM which controls configuration M6 Accelerator UI 10 199 79 227 Accelerator GUI also called the Broker...

Страница 647: ... of the accelerators T7 Local LAN Subnets 10 200 0 0 16 The local LAN subnet to be accelerated This is the only subnet that will receive acceleration T8 Traffic Port 10 1 Port used for accelerated traffic T9 Traffic Port 10 6 Port used for accelerated traffic Parameter Example Your Value Description Note Ports 10 3 and 10 4 are reserved for loopback cable Do not configure these ports as traffic po...

Страница 648: ...de To deploy the SD WAN appliance in virtual inline mode you must configure the NetScaler instance of the appliance to support this mode To configure the NetScaler instance for the virtual inline mode of the appliance Enable L3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configuring the Instance for Connection Migration...

Страница 649: ... using the conf iguration utility 1 Access the NetScaler instance by clicking the NetScaler instance s IP address on the Configuration Instances NetScaler page You are logged on to the NetScaler instance automatically 2 Navigate to the System Settings page 3 Click the Configure modes link 4 In the Configure Modes dialog box select Layer 3 Mode IP Forwarding option 5 Clear the Layer 2 Mode option a...

Страница 650: ...wn traffic back but not the traffic from the other router This mode also works with a single router T o enable the Return to Ethernet Sender mode by using the conf iguration utility 1 Navigate to the System Network page 2 Click the Configure Layer 2 Parameter link as shown in the following figure 3 In the Configure Layer 2 Parameter dialog box select the Return to Ethernet Sender option as shown i...

Страница 651: ...figuration wizard If it has already been created it is listed on the IPs page The subnet IP address declares the external traffic network In the IP Address field type the NetScaler traffic IP address entry T4 in your worksheet 4 In the Netmask field specify the network mask entry T3 in your worksheet 5 From the IP Type group make sure that the Subnet IP option is selected as shown in the following...

Страница 652: ...shown in the following figure 4 In the Interface Bindings tab of the Configure VLAN dialog box notice that the VLAN is bound to interfaces 10 1 entry T9 of your worksheet and 10 2 5 In the IP Bindings tab select the subnet IP address you have created as shown in the following figure 6 Click Create and then Close 7 If you are configuring the appliance for two links repeat this procedure to bind sec...

Страница 653: ...d to interfaces that are bound to different VLANs then you must bind the interfaces to the same VLAN to enable connection migration Additionally you must bind both subnet IP addresses to the same VLAN Skip this procedure if you are using interfaces that are bound to the same VLAN T o conf igure VLANs f or connection migration by using the conf iguration utility 1 Navigate to the System Network VLA...

Страница 654: ... 1999 2017 Citrix Systems Inc All rights reserved p 654 https docs citrix com bind vlan 1007 ifnum 10 6 bind vlan 1007 IPAddress 172 17 18 2 255 255 255 0 ...

Страница 655: ...port on which packets arrive Packets that arrive on the interface dedicated to the appliance are never forwarded back to the appliance but packets arriving on any other interface can be Traffic shaping is not effective unless all WAN traffic passes through the appliance Following is the basic routing algorithm Do not forward packets from the appliance back to the appliance If the packet arrives fr...

Страница 656: ... 51 0 0 0 0 255 route map wan_side_map permit 20 match ip address wan_side Now set the appliance as the next hop if it s up set ip next hop verify availability 17 17 17 1 20 track 123 route map client_side_map permit 10 match ip address client_side set ip next hop verify availability 17 17 17 1 10 track 123 This example applies an access list to a route map and attaches the route map to an interfa...

Страница 657: ... rights reserved p 657 https docs citrix com ip access list extended wan_side permit tcp 10 20 20 0 0 0 0 255 10 200 51 0 0 0 0 255 To configure high availability between routers see the router specific high availably configuration manual ...

Страница 658: ...re service classes for the respective applications To configure a service class see http support citrix com proddocs topic SD WAN 72 cb traffic classification con html To verify that you have successfully configure the appliance in the virtual inline mode 1 Send network traffic through the appliance 2 Navigate to the SD WAN Monitoring Optimization Connections page 3 Verify that the Accelerated Connec...

Страница 659: ... WCCP is the original SD WAN WCCP offering supported since release 3 x It supports a single appliance service group no clustering WCCP clustering introduced in release 7 2 allows your router to load balance traffic between multiple appliances The physical mode for WCCP deployment of a SD WAN appliance is one arm mode in which the SD WAN appliance is connected directly to a dedicated port on the WA...

Страница 660: ...first contacts the router over the WCCP control channel UDP port 2048 and the appliance and router exchange information with packets named Here_I_Am and I_See_You respectively By default this process is repeated every ten seconds If the router fails to receive a message from the appliance for three of these intervals it considers the appliance to have failed and stops forwarding traffic to it until ...

Страница 661: ...ance becomes inactive WCCP clustering allows multiple appliances per service group The following figure shows a simple WCCP deployment suitable for either L2 or GRE The traffic port 1 1 is connected directly to a dedicated router port Gig 4 12 Figure 3 Simple WCCP deployment In this example the SD WAN 4000 5000 is deployed in one arm mode with the traffic port 1 1 and the management port 0 1 each c...

Страница 662: ...iances with more than one accelerated pair all the traffic for a given WCCP service group must arrive on the same accelerated pair Do not mix inline and WCCP traffic on the same appliance The appliance does not enforce this guideline but violating it can cause difficulties with acceleration WCCP and virtual inline modes can be mixed but only if the WCCP and virtual inline traffic are coming from d...

Страница 663: ...eate a service group definition on the SD WAN appliance 2 Verify that this service group establishes WCCP communication with its associated routers 3 Verifying WCCP Mode 4 If using high availability mode configure and test the second appliance then complete the Configuring the High Availability Setup on the Appliances procedure Note This information is for WCCP mode For WCCP Clustering see the SD ...

Страница 664: ...aces Example Following is an example of configuring a Cisco IOS router This example is for WCCP mode not WCCP clustering which is covered elsewhere config term ip wccp version 2 The two service groups are T11 and T12 on the configuration worksheet We will use group 72 for TCP and 73 for UDP ip wccp 72 ip wccp 73 Repeat the following lines for each WAN interface you wish to accelerate interface WAN...

Страница 665: ... ip verify unicates reverse path commands no ip verify unicast reverse path ip wccp 72 redirect in ip wccp 73 redirect in Z Remember to save your router configuration when you are satisfied that it is correct One accelerator instance manages WCCP control traffic on behalf of all the instances The WCCP control traffic is negligible The actual data traffic is divided among all the accelerators Note Th...

Страница 666: ... enter a password if your router is configured to require one Otherwise leave the field blank 10 In the Router Communications Details area in the Router IP Address field enter the IP address of the router This is the router s address for its appliance facing interface T8 on your worksheet If you use multiple routers to communicate with the appliance list them all here 11 From the Router Assignment...

Страница 667: ...d monitor the connection on the Monitoring Optimization Connections page If the connections are shown on the Accelerated Connections tab that is an indicator that everything is working If the connections are on the Unaccelerated Connections tab look at the Details column A routing asymmetry detected message implies that one of the ip wccp redirect lines on the router is missing or has an error or ...

Страница 668: ...p to 32 appliances in a fault tolerant load balanced array called a cluster In the example below three identical appliances same model same software version are cabled identically and configured identically except for their IP addresses Appliances using the same service groups with the same router can become a load balanced WCCP cluster When a new appliance registers itself with the router it can j...

Страница 669: ...uses the mask method only using a mask of 1 6 bits of the 32 bit IP address These address bits can be non consecutive All addresses yielding the same result when masked are sent to the same appliance Load balancing effectiveness depends on choosing an appropriate mask value a poor mask choice can result in poor load balancing or even none with all traffic sent to a single appliance ...

Страница 670: ...wever the WCCP cluster should continue to operate without becoming overloaded if one appliance fails That can be accomplished by using three appliances when the calculations call for two This is called the N 1 rule Failure is an unusual event so usually all three appliances are in operation In this case each appliance is supporting only 67 Mbps and 250 users leaving plenty of headroom and making g...

Страница 671: ...ice groups are supported All routers using the same service group pair must support the same forwarding method GRE or L2 The forwarding and return method negotiated with the router must match both must be GRE or both must be L2 Some routers do not support L2 in both directions resulting in an error of Router s forward or return or assignment capability mismatch In this case the service group must ...

Страница 672: ...ights reserved p 672 https docs citrix com Planning Your Deployment Jan 30 2014 Deploying appliances in a WCCP cluster requires more planning than does deploying a single appliance Read the following sections carefully before proceeding ...

Страница 673: ...ad of WCCP clustering since the equation builds in a spare appliance In other words WCCP clustering is not necessary from a capacity perspective unless appliances is 3 or more Example Suppose you have 700 users and a 100 Mbps link Some appliances you might consider are the SD WAN 2000 050 the SD WAN 3000 100 and the SD WAN 4000 310 Model Optimized WAN Capacity Maximum HDX Sessions Appliances_bw Ap...

Страница 674: ...ive or more caches some caches are idle because each bucket is assigned to only one cache and there are not enough buckets to cover all five caches Cache 1 2 3 4 5 Buckets 0 1 2 3 If there are more buckets than caches some caches are assigned multiple buckets For example if you set three mask bits creating eight buckets and you have four caches two buckets are assigned to each cache If you have fi...

Страница 675: ...ppliances the address mask must contain at least three one bits The one bits in the address mask must each be inside the active address range for most of your remote subnets or they skew the load balancing distribution The mask should split the address range of individual remote sites into as few pieces as possible for best compression performance If a remote appliance is faster than the local mem...

Страница 676: ...ch appliance gets its fair share of bucket with the lowest numbered bucket being assigned to the appliance with the lowest IP address If there are more appliances than buckets the leftover appliances with no bucket assigned to them are the ones with the highest numbered IP addresses This deterministic assignment allows traffic to arrive for a single connection through any of the routers in the serv...

Страница 677: ...ight come online within the same ten second window or they might arrive over multiple ten second windows causing traffic to be reapportioned multiple times before it stabilizes In the latter case the appliances that come online first maycan become overloaded until additional appliances come online An accelerated connection fails when allocated to a different appliance making reallocation disruptive ...

Страница 678: ...e Uspec From data sheet XenApp and XenDesktop Users on WAN Link Uwan User overload Factor Uoverload Uwan Uspec Supported BW Per Appliance BWspec From data sheet WAN Link BW BWwan BW Overload Factor BWoverload BWwan BWspec Number of appliances required N max Uoverload BWoverload 1 Includes one spare Min number of buckets Bmin N rounded up a power of 2 If SD WAN 4000 or 5000 Bmin 2 N rounded up to a...

Страница 679: ...rk field perhaps only two or three bits If this is the case with your network instead of masking bits in the offending area of the subnet field displace those bits to a portion of the host address field that has the 50 50 property For example if only three subnet bits in a 24 subnet have the 50 50 property and you are using four mask bits a mask of 0x00 00 07 10 avoids the offending bit at 0x00 00 08...

Страница 680: ...er you have finalized the deployment topology considered all limitations and filled in the deployment worksheet you are ready to deploy your appliances in a WCCP cluster To configure the WCCP cluster you need to perform the following tasks Configuring the NetScaler Instances Configuring the Router Configuring the Appliance ...

Страница 681: ...router This procedure assumes Cisco routers but is similar on other routers It uses the first of the two methods discussed above of redirecting WCCP traffic with an ip wccp redirect in statement on both LAN and WAN ports 1 Fill in the WCCP clustering Deployment Worksheet 2 Log on to your router 3 In the global declarations section declare each service group on the WCCP clustering worksheet listed ...

Страница 682: ...with an ip wccp 62 redirect in statement Similarly if the router used multiple ports for WAN traffic each port is configured with an ip wccp 61 redirect in statement If multiple routers shared the same WCCP cluster they use the same service groups It is also possible to use ip wccp redirect statements on only the WAN interfaces Example for WCCP clustering using WCCP redirect in out statements on W...

Страница 683: ...ter is configured to require a password enter the password in the Service Group Password field Otherwise leave the field blank 13 In the Router Communications Details section enter the IP address of the router T8 on your worksheet often identical to T1 as well This is the IP address of the appliance facing router interface If you use multiple routers to communicate with the appliance list them all...

Страница 684: ...ignment You must refresh the page manually to monitor changes in status If the appliance does not reach the status of 25 has assignment within a timeout period other informative status messages are displayed Additional information is displayed when you click on the Service Group or the Routers tabs T he Cluster Summary tab displays information about the WCCP cluster as a whole As a side effect of ...

Страница 685: ...ough transparently as if the appliance were not there For maximum reliability the bridge pairs are equipped with a bypass feature that causes the two ports to be connected to each other should the appliance fail or lose power allowing traffic to continue flowing even during such an outage Starting in release 7 1 inline mode depends on the NetScaler add interfacePair command to isolate bridge traffic ...

Страница 686: ... configure You connect one port of an accelerated pair to the WAN router and the other to the LAN network The appliance transparently accelerates traffic flowing between the two ports which to the rest of the network appear to be an Ethernet bridge You can also deploy the appliance to accelerate traffic from certain resources only such as back end servers and not the traffic of the entire network Such ...

Страница 687: ...rfacePair command in the NetScaler command line interface The following examples show how this command is used to create port affinity on all bridged pairs in the appliance SD WAN 4000 add interfacePair 1 ifnum 1 1 1 2 add interfacePair 2 ifnum 1 3 1 4 add interfacePair 3 ifnum 1 5 1 6 add interfacePair 4 ifnum 1 7 1 8 add interfacePair 5 ifnum 10 1 10 2 SD WAN 5000 add interfacePair 1 ifnum 10 1 ...

Страница 688: ...nd bind it to both ports of the bridge such as ports 10 1 and 10 2 as shown in the example below Figure 1 Tagged VLANs for VLAN trunking VLAN 412 is tagged VLANs can be declared in either of two ways 1 From the System Settings Configure NSVLAN Settings dialog box This method declares a VLAN whose broadcast traffic is isolated from other VLANS This method is recommended for the management subnet It...

Страница 689: ...aintaining network continuity at all times This feature is automatic and requires no user configuration When the bypass relay is closed the bridge ports of the appliance are inaccessible The bypass feature is disabled when the NetScaler instance is set to L3 mode Because L3 mode is the factory default inline mode should be configured before the appliance is placed in line with data traffic The bypa...

Страница 690: ...s not contain tagged VLAN traffic skip to the last step of this procedure 3 Navigate to the NetScaler instance at Configuration NetScaler Instances and click on the IP address of the NetScaler instance 4 If the Citrix SD WAN Connector Get Started page appears ignore it 5 Click Configuration Network VLANs Add 6 In the Create VLANdialog box configure the tagged VLANs to use bridge 1 In the VLAN Id f...

Страница 691: ...d must be deployed identically using the same deployment modes on the same subnets When you enable HA the configuration of the primary appliance s NetScaler instance is copied to the secondary appliance as part of the NetScaler HA synchronization process T o conf igure a high availability setup of NetScaler instances 1 Complete the configuration for your chosen deployment mode inline or WCCP Note t...

Страница 692: ...he NetScaler instances 10 Click OK The appliances are now configured as a high availability pair as shown in the following figure Figure 3 Configuring high availability on the NetScaler instance Note To learn more about setting up high availability on a NetScaler instance see the High Availability node of the Citrix eDocs website ...

Страница 693: ...erated you might have a problem with asymmetrical routing with not having a SD WAN license installed or with having acceleration disabled either globally or on the service classes associated with the traffic 6 When all is working properly test reverse connections where a site on the SD WAN 4000 5000 side is the client and the remote site is the server if applicable 7 If using NetScaler HA save the...

Страница 694: ...e WAN link to capacity run test traffic to fill the network to capacity Then look at the link reports on the Reports Link Usage tab The following figure shows these reports General Monitoring 1 If WCCP is configured verify that the service groups are in operation and the routers are redirecting traffic Note that the SD WAN WCCP page packet counts are not present in SD WAN 4000 5000 Check traffic by o...

Страница 695: ...his address space is segmented into three partly overlapping subnets system management private traffic and accelerator management subnets System Management Subnet 169 254 0 0 16 Function Address Management Service 169 254 0 10 16 NetScaler Instance 169 254 0 11 16 XenServer 169 254 0 1 16 Private T raf f ic Subnet 169 254 10 0 24 Function Address apA IP accelerators 1 8 169 254 10 21 24 169 254 10 ...

Страница 696: ...e of the System Configuration view as shown below Click the IP Address link You can also log into the NetScaler instance directly from your browser if you know its IP address on the management port port 0 1 Once logged in you will see the NetScaler GUI which identifies itself as NetScaler VPX at the top of the page This is the standard NetScaler user interface Using monitoring features is safe Confi...

Страница 697: ...re the IP address of an instance typically the management service that has become unreachable due to misconfigured network parameters Otherwise SSH is not recommended as configuration changes can render the appliance unstable or unusable If neither of the two instances below are accessible over the network you can log into the XenServer instance using the RS 232 port which will give you a shell prom...

Страница 698: ...may be overwritten later by the synchronization process Using Individual Elements of the Update Bundle The update bundles distributed by Citrix are in a simple tgz format a tar archive compressed with gzip It is sometimes useful to extract individual components from the archive rather than going back to the the Citrix Web site and downloading them individually This is most commonly useful with the...

Страница 699: ...thin a given series all models use the same hardware and the different WAN speed ratings are obtained through different licensing options For example the SD WAN 410 SE models the 410 20 410 50 410 100 and 410 150 use the same hardware and an appliance can be licensed as either a 20 Mbps 50 Mbps 100 Mbps or 150 Mbps appliance The licensed bandwidth applies only to the sending direction so a SD WAN ...

Страница 700: ...itical information about different parts of the appliance Power Fail Indicates that a power supply unit has failed Information LED Indicates the following Status Description Continuously on and red The appliance is overheated This might be a result of cable congestion Blinking red 1Hz Fan failure Blinking red 0 25Hz Power failure Solid blue Local UID has been activated Use this function to locate ...

Страница 701: ...isible on the back panel of a SD WAN 400 SE appliance Cooling fan Single power supply rated at 200 watts 110 240 volts Accelerated pairs of Ethernet ports apA and apB which function as accelerated bridges Individual port assignments LAN1 is apA 1 WAN1 is apA 2 LAN2 is apB 1 LAN2 is apB 2 RS 232 serial console port One Aux Ethernet port and one management port Two USB ports One Solid State Drive SS...

Страница 702: ...Indicates the status of the third pair of bypass ports Power When blinking indicates that the applaince is doing factory reset The LEDs provide critical information about different parts of the appliance Power Fail Indicates that a power supply unit has failed Information LED Indicates the following Status Description Continuously on yellowish orange looks like red Data ports are in bypass mode FT...

Страница 703: ...ppliance No LOM port Does not support fail to wire Two USB ports One Solid State Drive SSD 64 GB SATADOM Power switch which turns power to the appliance on or off Press the switch for less than two seconds to turn off the power For information about installing the rails rack mounting the hardware and connecting the cables see Installing the Hardware For information about performing initial configur...

Страница 704: ...cessor 2 Cores 4 Cores Total disk space 1 x 160 GB SSD 64 GB SATADOM SSD dedicated Compression history 40 GB N A RAM 8 GB 8 GB Network Interfaces 2 pair with bypass 10 100 1000 N A Transceiver support No No The FTW ports are pre installed with Transceivers Power supplies 1 1 Physical Dimensions Rack Units 1U 1U System width EIA 310 D for 19 inch racks EIA 310 D for 19 inch racks System depth 10 5 ...

Страница 705: ...tions CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe Electromagnetic and susceptibility certifications FCC Part 15 Class A CCC KCC NOM CITC EAC DoC CE VCCI RCM FCC Part 15 Class A CCC KCC NOM CITC EAC DoC CE VCCI RCM Environmental certifications RoHS WEEE RoHS WEEE REACH optional 200W...

Страница 706: ...tisfied that your appliance has been delivered to your expectations verify that the location where the appliance will be installed meets temperature and power requirements and that the server cabinet or floor to ceiling cabinet is securely bolted to the floor and has sufficient airflow Only trained and qualified personnel should install maintain or replace the appliance and efforts should be taken to en...

Страница 707: ...ered a SD WAN 400 or 410 appliance the box should contain The appliance you ordered One RJ45 console cable One 6 ft CAT5 network cable One power cable One standard 4 post rail kit In addition to the items included in the box with your new appliance you will need the following items to complete the installation and initial configuration process Ethernet cables for each additional Ethernet port that ...

Страница 708: ...ee environment Power density Wiring capable of handling at least 4 000 watts per rack unit in addition to power needs for the CRAC Rack Requirements The rack on which you install your appliance should meet the following criteria Rack characteristics Racks should be either integrated into a purpose designed server cabinet or be the floor to ceiling type bolted down at both top and bottom to ensure ...

Страница 709: ...rmal use When installing or repairing an appliance always make sure that the ground circuit is connected first and disconnected last Make sure that a fuse or circuit breaker no larger than 120 VAC 15 A U S 240 VAC 16 A international is used on all current carrying conductors on the power system to which your appliances are connected Do not work alone when working with high voltage components Alway...

Страница 710: ... the room Therefore consider the lowest and highest operating temperatures of the equipment when making a decision about where to install the appliance in the rack Rack Precautions Make sure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them For a single rack installation attach a stabilizer to the rack For a multiple ...

Страница 711: ...tal standards and the server rack is in place according to the instructions you are ready to install the hardware After you mount the appliance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration To complete the installation you turn on the appliance Be sure to observe the cautions and warnings listed with the installa...

Страница 712: ...ner rail To attach the inner rails to the appliance 1 Position the right inner rail behind the ear bracket on the right side of the appliance 2 Align the holes on the rail with the corresponding holes on the side of the appliance 3 Attach the rail to the appliance with the provided screws 4 Repeat steps 1 through 3 to install the left inner rail on the left side of the appliance To install the rac...

Страница 713: ... 1999 2017 Citrix Systems Inc All rights reserved p 713 https docs citrix com ...

Страница 714: ...pends on the type of port used to connect to the network Use a category 5e or category 6 Ethernet cable with a standard RJ 45 connector on a 10 100 1000BASE T port To connect an Ethernet cable to a 10 100 1000BASE T port 1 Insert the RJ 45 connector on one end of your Ethernet cable into an appropriate port of the appliance 2 Insert the RJ 45 connector on the other end into the target device such ...

Страница 715: ... cable is not required because the three prong plug provides grounding Provide power to the appliance by installing the power cord To connect the appliance to the power source 1 Connect one end of the power cable to the power outlet on the back panel of the appliance next to the power supply 2 Connect the other end of the power cable to a standard 110V 220V power outlet ...

Страница 716: ...nt circuit than the first After verifying the connections you are ready to switch on the appliance To switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port This will ensure that you can configure the appliance after it is switched on 2 Depending on the appliance press the ON OFF toggle power switch or the power button to switch on the appliance Caution...

Страница 717: ...e appliance by connecting it to the Ethernet port Perform additional configuration for Windows Assign management IP address through the serial console Troubleshoot initial configuration issues By default the initial configuration deploys the appliance in inline mode Note On the SD WAN410 SE appliance the defaultstatic IP address is 192 168 100 1 Italso has DHCP enabled by default for Managementacce...

Страница 718: ...go to Configuration Appliance Settings Network Adapters Ethernet 1 Ensure thatyou have permanentDHCP address assigned to SD WANappliances 2 The DHCP address should be associated to the managementNIC address 3 Connectthe managementNIC address to the DHCP enabled LANor rebootthe applaince when ready Before you begin configuring the appliance make sure that the following prerequisites have been met Yo...

Страница 719: ...Inc All rights reserved p 719 https docs citrix com Setting up the SD WAN Appliance Nov 17 2016 To set up your NetScaler SD WAN Appliance hardware see the instructions documented in the Setting up the Appliance Hardware section ...

Страница 720: ...thernet MAC address In addition to pure forwarding modes the appliance has to account for additional types of connections including management connections to the GUI and the heartbeat signal that passes between members of a high availability pair For completeness these additional traffic modes are also listed in table below Table 1 How Ethernet and IP Addresses Determine the Mode Destination IP Add...

Страница 721: ... the appliance does not attempt to accelerate It is a traffic category not a forwarding mode Direct access where the appliance acts as an ordinary server or client The GUI and CLI are examples of direct access using the HTTP HTTPS SSH or SFTP protocols Direct access traffic can also include the NTP and SNMP protocols Appliance to appliance communication which can include signaling connections used...

Страница 722: ...SD WAN applainces have only the motherboard ports In this case the two motherboard ports are bridged The appliance s user interface can be accessed by a VLAN or non VLAN network You can assign a VLAN to any of the appliance s bridged ports or motherboard ports for management purposes Figure 1 Ethernet Ports Port List The ports are named as follows Table 1 Ethernet Port Names Motherboard port 1 Pri...

Страница 723: ...e Configuration IP Address page The speed duplex settings are set on the Configuration Interface page Notes about parameters Disabled ports do not respond to any traffic The browser based UI can be enabled or disabled independently on all ports To secure the UI on ports with IP addresses select HTTPS instead of HTTP on the Configuration Administrator Interface Web Access page Inline mode works even ...

Страница 724: ... The bypass feature is wired as if a cross over cable connected the two ports which is the correct behavior in properly wired installations Important Bypass installations must be tested Improper cabling might work in normal operation but not in bypass mode The Ethernet ports are tolerant of improper cabling and often silently adjust to it Bypass mode is hard wired and has no such adaptability Test...

Страница 725: ...ll rights reserved p 725 https docs citrix com High Availability with Multiple Bridges Two units with multiple bridges can be used in a high availability pair Simply match up the bridges so that all links pass through both appliances ...

Страница 726: ... Primary Port If the Primary port is enabled and has an IP address assigned to it the appliance uses that IP address to identify itself to other acceleration units This address is used internally for a variety of purposes and is most visible to users as the Partner Unit field on the Monitoring Optimization Connections page If no motherboard port is enabled the appliance uses the IP address of Acce...

Страница 727: ... 1999 2017 Citrix Systems Inc All rights reserved p 727 https docs citrix com VLAN Support ...

Страница 728: ... 1999 2017 Citrix Systems Inc All rights reserved p 728 https docs citrix com Inline Mode Note ...

Страница 729: ... 1999 2017 Citrix Systems Inc All rights reserved p 729 https docs citrix com Ethernet Bypass and Link Down Propagation ...

Страница 730: ... 1999 2017 Citrix Systems Inc All rights reserved p 730 https docs citrix com Accelerating an Entire Site ...

Страница 731: ... 1999 2017 Citrix Systems Inc All rights reserved p 731 https docs citrix com Partial Site Acceleration ...

Страница 732: ... 1999 2017 Citrix Systems Inc All rights reserved p 732 https docs citrix com Configuring and Troubleshooting Inline Mode ...

Страница 733: ... 1999 2017 Citrix Systems Inc All rights reserved p 733 https docs citrix com Virtual Inline Mode Note ...

Страница 734: ... 1999 2017 Citrix Systems Inc All rights reserved p 734 https docs citrix com Configuring Packet Forwarding on the Appliance ...

Страница 735: ...rights reserved p 735 https docs citrix com Router Configuration Use a ping ICMP echo to see if appliance is connected track 123 rtr 1 reachabilit y rtr 1 type echo protocol IpIcmpecho 192 168 1 200 schedule 1 life forever start time now ...

Страница 736: ... 0 ip policy route map wan_side_map interface FastEthernet1 0 ip address 192 168 1 5 255 255 255 0 ip classless ip route 0 0 0 0 0 0 0 0 171 68 1 1 ip access list extended client_side permit ip 10 10 10 0 0 0 0 255 10 16 20 0 0 0 0 255 ip access list extended wan_side permit ip 10 16 20 0 0 0 0 255 10 10 10 0 0 0 0 255 route map wan_side_map permit 20 match ip address wan_side Now set the applianc...

Страница 737: ...ernet1 0 ip address 192 168 2 5 255 255 255 0 ip classless ip route 0 0 0 0 0 0 0 0 171 68 2 1 ip access list extended client_side permit ip 10 16 20 0 0 0 0 255 10 10 10 0 0 0 0 255 ip access list extended wan_side permit ip 10 10 10 0 0 0 0 255 10 16 20 0 0 0 0 255 route map wan_side_map permit 20 match ip address wan_side set ip next hop 192 168 2 200 route map client_side_map permit 10 match i...

Страница 738: ... 1999 2017 Citrix Systems Inc All rights reserved p 738 https docs citrix com ...

Страница 739: ... 1999 2017 Citrix Systems Inc All rights reserved p 739 https docs citrix com Virtual Inline for Multiple WAN Environments ...

Страница 740: ... 1999 2017 Citrix Systems Inc All rights reserved p 740 https docs citrix com Virtual Inline Mode and High Availability ...

Страница 741: ... 1999 2017 Citrix Systems Inc All rights reserved p 741 https docs citrix com Monitoring and Troubleshooting ...

Страница 742: ... 1999 2017 Citrix Systems Inc All rights reserved p 742 https docs citrix com High Availability Mode ...

Страница 743: ... 1999 2017 Citrix Systems Inc All rights reserved p 743 https docs citrix com How High Availability Mode Works ...

Страница 744: ... 1999 2017 Citrix Systems Inc All rights reserved p 744 https docs citrix com Cabling Requirements ...

Страница 745: ... 1999 2017 Citrix Systems Inc All rights reserved p 745 https docs citrix com Other Requirements ...

Страница 746: ... 1999 2017 Citrix Systems Inc All rights reserved p 746 https docs citrix com Management Access to the High Availability Pair ...

Страница 747: ... 1999 2017 Citrix Systems Inc All rights reserved p 747 https docs citrix com Configuring the High Availability Pair ...

Страница 748: ... 1999 2017 Citrix Systems Inc All rights reserved p 748 https docs citrix com Updating Software on a High Availability Pair ...

Страница 749: ...e Configuration Advanced Deployments High Availability HA tab 2 Unplug a network cable from the bridge of one appliance Call it Appliance A 3 Unplug the power cord from Appliance A 4 Restore the parameters on the other appliance Appliance B by uploading a previously saved set of parameters on the System Maintenance Backup Restore page and clicking Restore Settings Completing this operation require...

Страница 750: ...e issues that can interfere with high availability mode are The other appliance is not running The HA parameters on the two appliances are not identical The two appliances are not running the same software release The two appliances do not have the same model number Incorrect or incomplete cabling between the appliances does not allow the HA heartbeat to pass between them The HA SSL Certificates o...

Страница 751: ...ower ON the appliance using the power button The green LED starts blinking on and off for the next 20 25 minutes until the eUSB recovery process is finished 3 Wait for few minutes apporximately 5 minutes initially as no activity will happen on the CLI Non activity in CLI does not mean nothing is happening The system is initializing the process Tip Pressing the resetbutton even number of times cance...

Страница 752: ...ipt usr local bin mfg sh Copying files Please be patient Updated extlinux config and installed extlinux on tmp tmp hTg61R2uPh primary boot Updated extlinux config and installed extlinux on tmp tmp hTg61R2uPh secondary boot Success Rebooting for baremetal OS installation Rebooting in 5 seconds 1 seconds Will now restart 145 238780 reboot Restarting system The appliance restarts 4 to 5 times as it e...

Страница 753: ...ate with a large number of branch and regional sites Figure 1 Typical Use Case A single SD WAN Standard Edition 4000 5100 appliance can support WAN speeds of up to 2 Gbps and up to 5000 XenApp XenDesktop users SD WAN 4000 5100 SE is recommended at the hub of a hub and spoke deployment where smaller appliances are used at the spokes whenever the link speed or the number of XenApp XenDesktop users i...

Страница 754: ...face for the appliance and provides access to key operating and monitoring elements of the appliance The management service displays SD WAN parameters as if they were from a single accelerator and all changes made through this interface are applied to all the accelerator instances The Xen hypervisor hosts all the virtual machines The hypervisor is not user configurable and should not be accessed ex...

Страница 755: ... mode in which the NetScaler instance routes packets to the accelerators and the accelerators route them back to the NetScaler instance Traffic flow over this internal traffic subnet is identical regardless of whether the mode visible to the outside world on the external interfaces is inline or virtual inline This traffic requires the SD WAN Return to Ethernet Sender option and the NetScaler MAC Addre...

Страница 756: ...er port on the bridged pair is left unconnected Performance considerations Inline deployments provide higher performance than the one arm deployments because the use of two ports instead of one doubles the peak throughput of the interfaces Peak throughput is important with SD WAN 4000 5100 SE appliances because the compressor provides acceleration in proportion to the compression ratio That is a c...

Страница 757: ...999 2017 Citrix Systems Inc All rights reserved p 757 https docs citrix com 0 2 is present but typically not used A Light Out Management LOM port is also provided An RS 232 port can be used for management ...

Страница 758: ...ler SD WAN 4000 SE appliances have the following ports 10 100Base T copper Ethernet Port RJ45 also called LOM port You can use this port to remotely monitor and manage the appliance independently of the appliance s software Note The LEDs on the LOM port are not operational by design RS232 serial console port Two 10 100 1000Base T copper Ethernet management ports RJ45 These ports are used to connec...

Страница 759: ...lease A 1 TB removable hard disk drive Power switch which turns off power to the appliance just as if you were to unplug the power supply Press the switch for five seconds to turn off the power Disable alarm button This button is functional only when the appliance has two power supplies Press this button to stop the power alarm from sounding when you have plugged the appliance into only one power ...

Страница 760: ... are used to connect directly to the appliance for system administration functions Eight 10G ports The following components are visible on the back panel of the Citrix NetScaler SD WAN 5100 SE appliance Six 600 GB removable solid state drives which store the appliance s compression history The 256 GB solid state drive next to the power supplies store the appliance s software USB port reserved for ...

Страница 761: ... Intel E5645 Dual Intel E5645 Dual Core Intel E5645 Dual Intel X5680 Dual Intel X5680 Dual Core Intel VTx or AMD V 64 bit x86 Total disk space 3 2 TB 3 2 TB 3 2 TB 4 2 TB 4 2 TB SSD dedicated compression history 2 TB 2 TB 2 TB 3 TB 3 TB HDD 1 TB 1 TB 1 TB 1 TB 1 TB RAM 48 GB 48 GB 48 GB 96 GB 96 GB Network interfaces 4 x 10GigE SX and 8 x 1GigE TX Bypass 4 x 10GigE SX and 8 x 1GigE TX Bypass 4 x 1...

Страница 762: ...49 lbs 22 2 kg Shipping dimensions and weight 37 x 24 by 11 59 lbs 94 x 61 x 28 cm 26 8 kg 37 x 24 by 11 59 lbs 94 x 61 x 28 cm 26 8 kg 37 x 24 by 11 59 lbs 94 x 61 x 28 cm 26 8 kg 37 x 24 by 11 61 lbs 94 x 61 x 28 cm 27 7 kg 37 x 24 by 11 61 lbs 94 x 61 x 28 cm 27 7 kg Environmental and Regulatory Input voltage and frequency ranges 100 240 VAC 47 63 Hz 100 240 VAC 47 63 Hz 100 240 VAC 47 63 Hz 10...

Страница 763: ...sing 5 95 non condensing Safety certifications UL TUV C UL TUV C UL TUV C UL TUV C UL TUV C Electromagnetic emissions certifications and susceptibility standards FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS AN NES FCC Part 15 Class A DoC CE VCCI CNS AN NES Environmental compliance ...

Страница 764: ...tisfied that your appliance has been delivered to your expectations verify that the location where the appliance will be installed meets temperature and power requirements and that the server cabinet or floor to ceiling cabinet is securely bolted to the floor and has sufficient airflow Only trained and qualified personnel should install maintain or replace the appliance and efforts should be taken to en...

Страница 765: ...o power cables One fiber patch cable One standard 4 post rail kit Note If the kit that you received does not fit your rack contact your Citrix sales representative to order the appropriate kit In addition to the items included in the box with your new appliance you will need the following items to complete the installation and initial configuration process Ethernet cables for each additional Ether...

Страница 766: ...nt and a dust free environment Power density Wiring capable of handling at least 4 000 watts per rack unit in addition to power needs for the CRAC Rack Requirements The rack on which you install your appliance should meet the following criteria Rack characteristics Racks should be either integrated into a purpose designed server cabinet or be the floor to ceiling type bolted down at both top and b...

Страница 767: ...rmal use When installing or repairing an appliance always make sure that the ground circuit is connected first and disconnected last Make sure that a fuse or circuit breaker no larger than 120 VAC 15 A U S 240 VAC 16 A international is used on all current carrying conductors on the power system to which your appliances are connected Do not work alone when working with high voltage components Alway...

Страница 768: ... the room Therefore consider the lowest and highest operating temperatures of the equipment when making a decision about where to install the appliance in the rack Rack Precautions Make sure that the leveling jacks on the bottom of the rack are fully extended to the floor with the full weight of the rack resting on them For a single rack installation attach a stabilizer to the rack For a multiple ...

Страница 769: ...tal standards and the server rack is in place according to the instructions you are ready to install the hardware After you mount the appliance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration To complete the installation you turn on the appliance Be sure to observe the cautions and warnings listed with the installa...

Страница 770: ...mbly Attach the inner rails to the appliance Install the rack rails on the rack Install the appliance in the rack Note The same rail kitis used for both square hole and round hole racks See figure 4 for specific instructions for threaded round hole racks Warning If you are installing the appliance as the only unitin the rack mountitatthe bottom If the rack contains other units make sure that the hea...

Страница 771: ...ew be sure to align the square nut with the correct hole for your appliance The three holes are not evenly spaced Figure 2 Installing Retainers into the Front Rack Posts and Figure 3 Installing Retainers into the Rear Rack Posts 3 Install the adjustable rail assembly into the rack as shown in the following figures Use a screw to lock the rear rail flange into the rack With the screw securing the rai...

Страница 772: ...liance in the rack 1 Align the inner rails attached to the appliance with the rack rails 2 Slide the appliance into the rack rails keeping the pressure even on both sides 3 Verify that the appliance is locked in place by pulling it all the way out from the rack Figure 5 Rack Mounting the Appliance ...

Страница 773: ...s shortens their life span Follow the removal procedure carefully to avoid damaging the 1G SFP transceiver or the appliance Note Some SD WAN4000 5000 appliances do notrequire SFP transceivers Warning SD WAN4000 5000 appliances do notsupport1G SFP transceivers from vendors other than Citrix Systems Attempting to install third party 1G SFP transceivers on your SD WAN4000 5000 appliance voids the war...

Страница 774: ...o the transceiver and the cable until you are ready to insert the cable To remove a 1G SFP transceiver 1 Disconnect the cable from the 1G SFP transceiver If you are using a fiber optic cable replace the dust cap on the cable before putting it away 2 Unlock the 1G SFP transceiver 3 Hold the 1G SFP transceiver between your thumb and index finger and slowly pull it out of the port 4 If you are removi...

Страница 775: ...e connector or the optical interface of the transceiver To install a 10G SFP transceiver 1 Remove the 10G SFP transceiver carefully from its box Danger Do not look directly into fiber optic transceivers and cables They emit laser beams that can damage your eyes 2 Align the 10G SFP transceiver to the front of the 10G SFP transceiver port on the front panel of the appliance 3 Hold the 10G SFP transc...

Страница 776: ...r the patch cable is no longer required and can be omitted if The appliance was shipped from the factory with release 7 2 2 or later or The appliance was shipped from the factory with release 7 2 2 or earlier but you upgrade it to 9 1 or later and change the default loopback in the management service on System Configuration System Configure Loopback Settings To install the patch cable 1 Connect th...

Страница 777: ...to an appropriate port on the front panel of the appliance as shown in the figure below 2 Insert the RJ 45 connector on the other end into the target device such as a router or switch 3 Verify that the LED glows amber when the connection is established Figure 1 Inserting an Ethernet cable Connecting the Console Cable You can use the console cable to connect your appliance to a computer or terminal...

Страница 778: ...iance to the power source 1 Connect one end of the power cable to the power outlet on the back panel of the appliance next to the power supply as shown in the following figure 2 Connect the other end of the power cable to a standard 110V 220V power outlet 3 Repeat steps 1 and 2 to connect the second power supply Note The appliance emits a high pitched alert if one power supply fails or if you conn...

Страница 779: ...outlet for a different circuit than the first After verifying the connections you are ready to switch on the appliance To switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port This will ensure that you can configure the appliance after it is switched on 2 Press the ON OFF toggle power switch on the back panel of the appliance Caution Be aware of the lo...

Страница 780: ...000 5100 deployments require adequate planning especially for units deployed in large datacenters An appropriate appliance or group of appliances must be selected to support both the current and anticipated load A deployment mode must be selected to match the requirements of your site Other aspects must also be considered ...

Страница 781: ...iance runs short of resources Never overcommit any SD WAN appliance especially in the datacenter Provision your datacenter to easily accommodate peak loads Provide enough capacity for expected expansion over the life of the deployment SD WAN 4000 5000 appliances using the same hardware platform can have their capacity upgraded with a new license as part of the Citrix pay as you grow program SD WAN...

Страница 782: ...irtual inline This resembles WCCP but lacks built in health checking In L2 inline mode SD WAN 4000 5100 is placed between your LAN and your WAN router or other aggregation point at the LAN WAN boundary In a one arm mode SD WAN 4000 5100 is generally connected directly to a dedicated port on your WAN router In cases where the WAN router ports are not as fast as the LAN for example when the WAN rout...

Страница 783: ...ld which contains the management IP address of the remote SD WAN This method is used for connections from remote SD WAN appliances and remote SD WAN Plug ins Incoming non accelerated connections and all outgoing connections are also distributed among the accelerators according to the least connection method but since they do not contain an AgentID field they cannot use AgentID persistence Instead t...

Страница 784: ...7 Citrix Systems Inc All rights reserved p 784 https docs citrix com dealing with overloaded instances can be changed from assigning connections to a difference instance to passing them through as unaccelerated ...

Страница 785: ...ategories accelerated and non accelerated is probably sufficient and only the largest remote sites need to be considered individually 5 Determined whether there are multiple datacenters with datacenter to datacenter traffic and whether any remote datacenters have a SD WAN 4000 5100 appliance 6 Decided whether you plan to increase WAN capacity the number of sites or the number of users in the next ...

Страница 786: ...oy the appliance on the network you must configure the appropriate IP addresses on the appliance to accelerate the network traffic Initial configuration consists of the following tasks Identify the prerequisites for the initial configuration Record various values required in the initial configuration procedure Configure the appliance by connecting it to the Ethernet port Assign management IP address...

Страница 787: ... Six Model 2000 Eight Before you start provisioning the appliance Citrix recommends that you have the license file with you as it is required early in the configuration process To download a license file complete the procedure described in the My Account All Licensing Tools User Guide After you receive the hardware appliance from Citrix you need to install it in the network Complete the following pro...

Страница 788: ... you start configuring the appliance you must change the IP address of the management service to the one in your management network so that you can access the appliance over the network You can change the management IP address by connecting a computer to the appliance through either the Ethernet port or the serial console ...

Страница 789: ...hanging the Internet Protocol Version 4 properties of the LAN connection as shown below You can leave the gateway and DNS server fields blank 2 Using an Ethernet cable connect this computer to the port labeled PRI on the SD WAN appliance 3 Switch on the appliance Using the web browser on the computer access the appliance by using the default management service IP address which is http 192 168 100 ...

Страница 790: ... 1999 2017 Citrix Systems Inc All rights reserved p 790 https docs citrix com ...

Страница 791: ...ance ssh 169 254 0 10 6 Enter Yes to continue connecting to the management service 7 Log on to the shell prompt of the appliance with the default credentials 8 At the logon prompt run the following command to open the Management Service Initial Network Address Configuration menu networkconfig 9 Type 1 and press Enter to select option 1 and specify a new management IP address for the management ser...

Страница 792: ...Inc All rights reserved p 792 https docs citrix com Setting up the SD WAN Appliance Nov 22 2016 To set up your NetScaler SD WAN Appliance hardware see the instructions documented in the Setting up the Appliance Hardware section ...

Страница 793: ... commonly used without high availability HA and less commonly with HA Citrix recommends WCCP mode supported on WANOP appliances with a single router and without HA for most deployments Use inline mode when WCCP is not available Although not all of the following modes are recommended at this time they are all supported Inline mode Inline mode in HA Virtual inline mode Virtual inline mode in HA ...

Страница 794: ...ocessed packets back to the router Virtual inline mode provides a solution for asymmetric routing issues faced in a deployment with two or more WAN links The tasks for configuring virtual inline mode are performed on the router On the SD WAN appliance just verify that the software version supports virtual inline mode and provision the instances with the necessary IP addresses Do not change the defa...

Страница 795: ...erent subnets For example you can deploy the appliance in one arm mode for managing the Repeater instances with the NetScaler and local Repeater instances connected by the internal private subnet A NetScaler owned subnet IP address SNIP is used to communicate with an accelerator instance You must enable MAC Based Forwarding MBF Use Subnet IP address USNIP and Return To Ethernet Sender options on t...

Страница 796: ...ployed in virtual inline mode with one router and one link If you are deploying a SD WAN appliance in virtual inline mode with one router and one link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router ...

Страница 797: ...yed in virtual inline mode with two routers and one link If you are deploying a SD WAN appliance in virtual inline mode with two routers and a single link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router ...

Страница 798: ... in virtual inline mode with two routers and two links If you are deploying a SD WAN appliance in virtual inline mode with two routers and a single link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router ...

Страница 799: ...rtual inline mode with two routers in high availability setup and one link If you are deploying a SD WAN appliance in virtual inline mode with two routers and a single link complete the following procedures Enable Layer 3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configure a Router ...

Страница 800: ...et M2 Gateway IP address 10 199 79 254 Default gateway serving the management subnet M3 Subnet Mask 255 255 255 128 Subnet mask for the management subnet M4 Xen Hypervisor IP address 10 199 79 225 IP address of Xen Hypervisor M5 Service VM IP address 10 199 79 226 IP address of Management Service VM which controls configuration M6 Accelerator UI 10 199 79 227 Accelerator GUI also called the Broker...

Страница 801: ... of the accelerators T7 Local LAN Subnets 10 200 0 0 16 The local LAN subnet to be accelerated This is the only subnet that will receive acceleration T8 Traffic Port 10 1 Port used for accelerated traffic T9 Traffic Port 10 6 Port used for accelerated traffic Parameter Example Your Value Description Note Ports 10 3 and 10 4 are reserved for loopback cable Do not configure these ports as traffic po...

Страница 802: ...de To deploy the SD WAN appliance in virtual inline mode you must configure the NetScaler instance of the appliance to support this mode To configure the NetScaler instance for the virtual inline mode of the appliance Enable L3 Mode Enable the Return to Ethernet Sender Mode Add a Subnet IP Address Bind the Subnet IP Address to VLAN of Data Interface Configuring the Instance for Connection Migration...

Страница 803: ... using the conf iguration utility 1 Access the NetScaler instance by clicking the NetScaler instance s IP address on the Configuration Instances NetScaler page You are logged on to the NetScaler instance automatically 2 Navigate to the System Settings page 3 Click the Configure modes link 4 In the Configure Modes dialog box select Layer 3 Mode IP Forwarding option 5 Clear the Layer 2 Mode option a...

Страница 804: ...wn traffic back but not the traffic from the other router This mode also works with a single router T o enable the Return to Ethernet Sender mode by using the conf iguration utility 1 Navigate to the System Network page 2 Click the Configure Layer 2 Parameter link as shown in the following figure 3 In the Configure Layer 2 Parameter dialog box select the Return to Ethernet Sender option as shown i...

Страница 805: ...figuration wizard If it has already been created it is listed on the IPs page The subnet IP address declares the external traffic network In the IP Address field type the NetScaler traffic IP address entry T4 in your worksheet 4 In the Netmask field specify the network mask entry T3 in your worksheet 5 From the IP Type group make sure that the Subnet IP option is selected as shown in the following...

Страница 806: ...shown in the following figure 4 In the Interface Bindings tab of the Configure VLAN dialog box notice that the VLAN is bound to interfaces 10 1 entry T9 of your worksheet and 10 2 5 In the IP Bindings tab select the subnet IP address you have created as shown in the following figure 6 Click Create and then Close 7 If you are configuring the appliance for two links repeat this procedure to bind sec...

Страница 807: ...d to interfaces that are bound to different VLANs then you must bind the interfaces to the same VLAN to enable connection migration Additionally you must bind both subnet IP addresses to the same VLAN Skip this procedure if you are using interfaces that are bound to the same VLAN T o conf igure VLANs f or connection migration by using the conf iguration utility 1 Navigate to the System Network VLA...

Страница 808: ... 1999 2017 Citrix Systems Inc All rights reserved p 808 https docs citrix com bind vlan 1007 ifnum 10 6 bind vlan 1007 IPAddress 172 17 18 2 255 255 255 0 ...

Страница 809: ...port on which packets arrive Packets that arrive on the interface dedicated to the appliance are never forwarded back to the appliance but packets arriving on any other interface can be Traffic shaping is not effective unless all WAN traffic passes through the appliance Following is the basic routing algorithm Do not forward packets from the appliance back to the appliance If the packet arrives fr...

Страница 810: ... 51 0 0 0 0 255 route map wan_side_map permit 20 match ip address wan_side Now set the appliance as the next hop if it s up set ip next hop verify availability 17 17 17 1 20 track 123 route map client_side_map permit 10 match ip address client_side set ip next hop verify availability 17 17 17 1 10 track 123 This example applies an access list to a route map and attaches the route map to an interfa...

Страница 811: ... rights reserved p 811 https docs citrix com ip access list extended wan_side permit tcp 10 20 20 0 0 0 0 255 10 200 51 0 0 0 0 255 To configure high availability between routers see the router specific high availably configuration manual ...

Страница 812: ...re service classes for the respective applications To configure a service class see http support citrix com proddocs topic SD WAN 72 cb traffic classification con html To verify that you have successfully configure the appliance in the virtual inline mode 1 Send network traffic through the appliance 2 Navigate to the SD WAN Monitoring Optimization Connections page 3 Verify that the Accelerated Connec...

Страница 813: ...h transparently as if the appliance were not there For maximum reliability the bridge pairs are equipped with a bypass feature that causes the two ports to be connected to each other should the appliance fail or lose power allowing traffic to continue flowing even during such an outage Starting in release 7 1 inline mode depends on the NetScaler add interfacePair command to isolate bridge traffic ens...

Страница 814: ...igure 1 Basic cabling for inline mode As shown in the above figure inline mode is a two arm mode For inline deployments the NetScaler instance is configured in L2 bridged mode but the accelerators are connected internally to the NetScaler instance in a one arm configuration Inline mode is the easiest mode to configure You connect one port of an accelerated pair to the WAN router and the ...

Страница 815: ...e You can also deploy the appliance to accelerate traffic from certain resources only such as back end servers and not the traffic of the entire network Such an arrangement reserves the appliance s resources for the selected traffic In this case you install the appliance on the branch network that includes the resources for with you want to accelerate traffic The following figure shows partial site acc...

Страница 816: ...ir command in the NetScaler command line interface The following examples show how this command is used to create port affinity on all bridged pairs in the appliance SD WAN 4000 add interfacePair 1 ifnum 1 1 1 2 add interfacePair 2 ifnum 1 3 1 4 add interfacePair 3 ifnum 1 5 1 6 add interfacePair 4 ifnum 1 7 1 8 add interfacePair 5 ifnum 10 1 10 2 SD WAN 5100 add interfacePair 1 ifnum 10 1 10 2 ad...

Страница 817: ...nd bind it to both ports of the bridge such as ports 10 1 and 10 2 as shown in the example below Figure 1 Tagged VLANs for VLAN trunking VLAN 412 is tagged VLANs can be declared in either of two ways 1 From the System Settings Configure NSVLAN Settings dialog box This method declares a VLAN whose broadcast traffic is isolated from other VLANS This method is recommended for the management subnet It...

Страница 818: ...aintaining network continuity at all times This feature is automatic and requires no user configuration When the bypass relay is closed the bridge ports of the appliance are inaccessible The bypass feature is disabled when the NetScaler instance is set to L3 mode Because L3 mode is the factory default inline mode should be configured before the appliance is placed in line with data traffic The bypa...

Страница 819: ... modes and the HA configuration procedure is the same for all modes The two appliances should be running identical hardware licensing and software releases and must be deployed identically using the same deployment modes on the same subnets When you enable HA the configuration of the primary appliance s NetScaler instance is copied to the secondary appliance as part of the NetScaler HA synchronizati...

Страница 820: ...address of the NetScaler instance of the other appliance 2 H17 on your worksheet as shown in the following figure Figure 2 Configuring a high availability setup of the NetScaler instances 10 Click OK The appliances are now configured as a high availability pair as shown in the following figure Figure 3 Configuring high availability on the NetScaler instance Note To learn more about setting up high...

Страница 821: ...tain a SD WAN Standard Edition instance a management service instance and a Xen hypervisor The SD WAN instance is typically used in inline mode with the SD WAN instance interposed between the WAN router and the LAN so WAN traffic flows through the accelerated bridge The SD WAN instance can also be deployed in virtual inline modes using a single accelerated bridge port In addition to the accelerated ...

Страница 822: ...he LEDs provide critical information related to different parts of the appliance Power Fail Indicates the power supply unit has failed Information LED Indicates the following Status Description Continuously ON and red The appliance is overheated This might be a result of cable congestion Blinking red 1Hz Fan failure check for an inoperative fan Blinking red 0 25Hz Power failure check for the non o...

Страница 823: ...a SD WAN 1000 SE appliance Figure 2 Citrix NetScaler SD WAN 1000 SE appliance back panel The following components are visible on the back panel of a SD WAN 1000 SE appliance Cooling fan Single power supply rated at 200 watts 110 240 volts Accelerated pairs of Ethernet ports apA and apB which function as accelerated bridges RS 232 serial console port One AUX Ethernet port and one management port Tw...

Страница 824: ...0 1 and named PRI primary The management port is used to connect directly to the appliance for system administration functions You can use this port for initial provisioning of Virtual WAN Note The LOM port also operates as a management port Four 10 100 1000Base T copper Ethernet ports numbered 1 1 1 2 1 3 and 1 4 from left to right The four ports form two accelerated pairs which function as accel...

Страница 825: ... a future release Non maskable interrupt NMI button for use at the request of Technical Support to produce a core dump You must use a pen pencil or other pointed object to press this red button which is recessed to prevent unintentional activation Single power supply rated at 300 watts 100 240 volts ...

Страница 826: ...SSD and 1X1 TB HDD SSD dedicated Compression history 123 GB for Disk Based Compression DBC 25 GB for video caching 225 GB for Disk Based Compression DBC 50 GB for video caching RAM 32 GB 24 GB Network Interfaces 2 pair with bypass 10 100 1000 2 GigE ports for Management and AUX ports 4 x 10 100 1000 Base T copper Ethernet 2 GigE ports for Management and AUX ports Power supplies 1 1 Physical Dimens...

Страница 827: ...ive Humidity 8 90 non condensing 5 95 Safety certifications CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe Electromagnetic and susceptibility certifications FCC Class A EN 55022 Class A EN 61000 3 2 3 3 CISPR 22 Class A FCC Part 15 Class A CE C Tick VCCI A CCC KCC NOM SASO SABS PCT ...

Страница 828: ... appliance The Ethernet ports are named differently on the front panel of SD WAN 1000 SE and 2000 SE appliances in the SD WAN instance as shown in the following table Front Panel SD WAN Instance SD WAN 1000 SE SD WAN 2000 SE MGMT Blue 0 1 LOM PRI Primary AUX 0 2 AUX Aux apA LAN1 Green 1 1 apA 1 apA WAN1 1 2 apA 2 apB LAN2 1 3 apB 1 apB WAN2 1 4 apB 2 Available to the SD WAN instance only in four p...

Страница 829: ...ou mount the appliance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration You can also connect the appliance to a computer through Ethernet port for initial configuration On SD WAN 1000 SE appliance this port is labeled as MGMT management port and on SD WAN 2000 SE appliance the port is labeled as PRI primary port To c...

Страница 830: ...ix com Rack Mounting the Appliance Apr 09 2014 A SD WAN 1000 SE or 2000 SE appliance requires one rack unit Both are rack mount devices that can be installed into two post relay racks or four post EIA 310 server racks Verify that the rack is compatible with your appliance ...

Страница 831: ...nc All rights reserved p 831 https docs citrix com Rack Mounting an SD WAN 1000 SE Appliance Apr 09 2014 SD WAN 1000 SE appliance is not shipped with rails You can mount the appliance to the rack by using the front mounting ports ...

Страница 832: ...r rail T o attach the inner rails to the appliance 1 Position the right inner rail behind the ear bracket on the right side of the appliance 2 Align the holes on the rail with the corresponding holes on the side of the appliance 3 Attach the rail to the appliance with the provided screws 4 Repeat steps 1 through 3 to install the left inner rail on the left side of the appliance T o install the rac...

Страница 833: ...ce these ports are labeled as 1 1 and 1 2 and 1 3 and 1 4 respectively Connecting the Ethernet Cables Ethernet cables connect your appliance to the network The type of cable you need depends on the type of port used to connect to the network Use a category 5e or category 6 Ethernet cable with a standard RJ 45 connector on a 10 100 1000BASE T port T o connect an Ethernet cable to a 10 100 1000BASE ...

Страница 834: ...to it 2 Insert the RJ 45 connector at the other end of the cable into the serial port of the computer or terminal Connecting the Power Cable A SD WAN appliance has one power supply A separate ground cable is not required because the three prong plug provides grounding Provide power to the appliance by installing the power cord Connect the other end of the power cable to a standard 110V 220V power ...

Страница 835: ... appliance T o switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port so that you can configure the appliance after it is switched on 2 Press the ON OFF toggle power switch on the appliance 3 On SD WAN 2000 SE appliance verify that the LCD on the front panel is backlit and the start message appears Caution Be aware of the location of the emergency power...

Страница 836: ...k you must configure the appropriate IP addresses on the appliance to accelerate the network traffic To perform initial configuration Identify the prerequisites for the initial configuration Record various values required in the initial configuration procedure Configure the appliance by connecting it to the Ethernet port Perform additional configuration for Windows Assign management IP address throu...

Страница 837: ...u should have physical access to the appliance In the Worksheet record all IP addresses and other values you would use to configure the appliance Preferably print out the worksheet before you start the configuration process You should already have a SD WAN license key from Citrix sent in an email If you are using remote licensing you need the IP address of the licensing server WAN Send and Receive...

Страница 838: ...Management Service Netmask Management Subnet 255 255 0 0 Network mask for the management subnet Gateway Management Subnet None The default gateway IP address of the appliance Port Model 2 Port Select 2 port or 4 port depending on the model In 4 port mode Windows Server does not have access to ports 1 3 and 1 4 DNS Server None IP address of the DNS server Citrix recommends that you specify a valid ...

Страница 839: ... appliance Confirm Password nsroot New password for access to the appliance Command Center Conf iguration Command Center IP Address None Optional IP address of the Command Center appliance with which you want to register this appliance More info Command Center Port 8443 Optional Port number of the Command Center appliance Registration Password None Password you want to use to register the SD WAN a...

Страница 840: ...N appliance s Ethernet port 0 1 1 Set the Ethernet port address of a computer or other browser equipped device with an Ethernet port to 192 168 100 50 with a network mask of 255 255 0 0 On a Windows device this is done by changing the Internet Protocol Version 4 properties of the LAN connection as shown below You can leave the gateway and DNS server fields as blank 2 Using an Ethernet cable connec...

Страница 841: ...ion wizard 2 If you opt for a remote licensing server you must select a remote appliance model and provide the IP address of the licensing server in the Licensing Server Address field 19 In the WAN Link Definition section specify receive and send speeds for the WAN link in the respective fields Citrix recommends values 10 lower than the WAN bandwidth to avoid network congestion 20 By default WAN s...

Страница 842: ...ps docs citrix com WCCP WANOP only and virtual inline installations connect a single accelerated bridge port to your WAN router Virtual inline installations require that you configure your router to forward WAN traffic to the appliance See Router Configuration ...

Страница 843: ...to switch to the shell prompt of the appliance ssh 169 254 0 10 6 Enter Yes to continue connecting to the management service 7 Log on to the shell prompt of the appliance with the following default credentials Password nsroot 8 At the logon prompt run the following command to open the Management Service Initial Network Address Configuration menu networkconfig 9 Type 1 and press Enter to select opt...

Страница 844: ...Inc All rights reserved p 844 https docs citrix com Setting up the SD WAN Appliance Nov 23 2016 To set up your NetScaler SD WAN Appliance hardware see the instructions documented in the Setting up the Appliance Hardware section ...

Страница 845: ... to account for additional types of connections including management connections to the GUI and the heartbeat signal that passes between members of a high availability pair For completeness these additional traffic modes are also listed in table below T able 1 How Ethernet and IP Addresses Determine the Mode Destination IP Address Destination Ethernet Address Mode Not appliance Not appliance Inline...

Страница 846: ...o accelerate It is a traffic category not a forwarding mode Direct access where the appliance acts as an ordinary server or client The GUI and CLI are examples of direct access using the HTTP HTTPS SSH or SFTP protocols Direct access traffic can also include the NTP and SNMP protocols Appliance to appliance communication which can include signaling connections used in secure peering and by the SD ...

Страница 847: ...ions use only the bridged ports Some SD WAN units have only the motherboard ports In this case the two motherboard ports are bridged The appliance s user interface can be accessed by a VLAN or non VLAN network You can assign a VLAN to any of the appliance s bridged ports or motherboard ports for management purposes Figure 1 Ethernet Ports The ports are named as follows T able 1 Ethernet Port Names...

Страница 848: ...ration IP Address page The speed duplex settings are set on the Configuration Interface page Notes about parameters Disabled ports do not respond to any traffic The browser based UI can be enabled or disabled independently on all ports To secure the UI on ports with IP addresses select HTTPS instead of HTTP on the Configuration Administrator Interface Web Access page Inline mode works even if a bri...

Страница 849: ...trix recommends that you purchase appliances with bypass cards for all inline deployments The bypass feature is wired as if a cross over cable connected the two ports which is the correct behavior in properly wired installations Important Bypass installations must be tested Improper cabling might work in normal operation but not in bypass mode The Ethernet ports are tolerant of improper cabling an...

Страница 850: ...Citrix Systems Inc All rights reserved p 850 https docs citrix com Two units with multiple bridges can be used in a high availability pair Simply match up the bridges so that all links pass through both appliances ...

Страница 851: ... itself to other acceleration units This address is used internally for a variety of purposes and is most visible to users as the Partner Unit field on the Monitoring Optimization Connections page If no motherboard port is enabled the appliance uses the IP address of Accelerated Pair A The Primary port is used for Administration through the web based UI A back channel for group mode A back channel...

Страница 852: ...r example if one traffic stream passing through the accelerated bridge is addressed to 10 0 0 1 VLAN 100 and another is addressed to 10 0 0 1 VLAN 111 the appliance knows that these are two distinct destinations even though the two VLANs have the same IP address You can assign a VLAN to all some or none of the appliance s Ethernet ports If a VLAN is assigned to a port the management interfaces GUI ...

Страница 853: ...de Accelerating All Traffic on a WAN Note Any TCP based traffic passing through both units is accelerated No address translation proxying or per site setup is required Inline mode is auto detecting and auto configuring Configuration is minimized with inline mode because your WAN router need not be aware of the appliance s existence Depending on your configuration inline mode s link down propagation ...

Страница 854: ...ible If carrier is lost on one of the bridge ports the carrier is dropped on the other bridge port to ensure that the link down condition is propagated to the device on the other side of the appliance Units that monitor link state such as routers are thus notified of conditions on the other side of the bridge Link down propagation has two operating modes If the Primary port is not enabled the link ...

Страница 855: ...ting acceleration and it should be used when practical Because all the link traffic is flowing through the appliances the benefits of fair queuing and flow control prevent the link from being overrun In IP networks the bottleneck gateway determines the queuing behavior for the entire link By becoming the bottleneck gateway the appliance gains control of the link and can manage it intelligently This is...

Страница 856: ... can install the appliance on a branch network that includes only those systems This is shown in the following figure Figure 1 Inline Mode Accelerating Selected Systems Only SD WAN traffic shaping relies on controlling the entire link so traffic shaping is not effective with this topology because the appliance sees only a portion of link traffic Latency control is up to the bottleneck gateway and int...

Страница 857: ...p 857 https docs citrix com Configuring and Troubleshooting Inline Mode Dec 26 2012 Inline mode requires only basic configuration because it is applied automatically to any packets passing through the accelerated bridge Troubleshooting is described under ...

Страница 858: ...ng or health checking making troubleshooting difficult Virtual inline is recommended only when inline mode is impractical The following figure shows a simple network in which all traffic destined for or received from the remote site is redirected to the appliance In this example both the local site and remote site use virtual inline mode Figure 1 Virtual Inline Example Following are some configuratio...

Страница 859: ...re a single appliance each gets its own traffic back but not the traffic from the other router This mode also works with a single router Send to Gateway not recommended In this mode virtual inline output packets are forwarded to the default gateway for delivery even if they are destined for hosts on the local subnet This option is usually less desirable than the Return to Ethernet Sender option beca...

Страница 860: ... all WAN traffic passes through the appliance Note When considering routing options keep in mind that returning data not just outgoing data must flow through the appliance For example placing the appliance on the local subnet and designating it as the default router for local systems does not work in a virtual inline deployment Outgoing data would flow through the appliance but incoming data would...

Страница 861: ...process Original configuration is in normal type appliance specific configuration is in bold ip cef interface FastEthernet0 0 ip address 10 10 10 5 255 255 255 0 ip policy route map client_side_map interface FastEthernet0 1 ip address 172 68 1 5 255 255 255 0 ip policy route map wan_side_map interface FastEthernet1 0 ip address 192 168 1 5 255 255 255 0 ip classless ip route 0 0 0 0 0 0 0 0 171 68...

Страница 862: ... next hop 192 168 2 200 route map client_side_map permit 10 match ip address client_side set ip next hop 192 168 2 200 _ Each of the above examples applies an access list to a route map and attaches the route map to an interface The access lists identify all traffic originating at one accelerated site and terminating at the other A source IP of 10 10 10 0 24 and destination of 20 20 20 0 24 or vice...

Страница 863: ... 1999 2017 Citrix Systems Inc All rights reserved p 863 https docs citrix com wildcard mask in binary 1 is considered a don t care bit ...

Страница 864: ...ves the asymmetric routing problem by using the router configuration to send all WAN traffic through the appliance regardless of the WAN link used The below figure shows a simple multiple WAN link deployment example The two local side routers redirect traffic to the local appliance The FE 0 0 ports for both routers are in the same broadcast domain as the appliance The local appliance must use the defa...

Страница 865: ...deployment In virtual inline mode a pair of appliances acts as one virtual appliance Router configuration is the same for an HA pair as with a single appliance except that the Virtual IP address of the HA pair not the IP address of an individual appliance is used in the router configuration tables In this example the local appliances must use default virtual inline configuration Return to Ethernet Se...

Страница 866: ...ilures are typically caused by errors in router configuration If the Monitoring Usage or Monitoring Connections pages show that traffic is being forwarded but no acceleration is taking place assuming that an appliance is already installed on the other end of the WAN link check to make sure that both incoming WAN traffic and outgoing WAN traffic are being forwarded to the appliance If only one directio...

Страница 867: ... pair The appliances each monitor the other s status by using the standard Virtual Router Redundancy Protocol VRRP heartbeat mechanism The pair has a common virtual IP address for management in addition to each appliance s management IP address If the primary appliance fails the secondary appliance takes over Failover takes approximately five seconds High availability mode is a standard feature ...

Страница 868: ...d during power outages at least one appliance must be attached to a backup power source Note The secondary appliance in the HA pair has one of its bridge ports port apA 1 disabled to prevent forwarding loops If the appliance has dual bridges apB 1 is also disabled In a one arm installation use port apA 2 Otherwise the secondary appliance becomes inaccessible when HA is enabled Primary secondary as...

Страница 869: ...s is depicted only in the middle diagram Figure 1 Cabling for High Availability Pairs Do not break the above topology with additional switches Random switch arrangements are not supported Each of the switches must be either a single monolithic switch a single logical switch or part of the same chassis If the spanning tree protocol STP is enabled on the router or switch ports attached to the applia...

Страница 870: ...e following criteria Have identical hardware as shown by on the System Hardware entry on the Dashboard page Run exactly the same software release Be equipped with Ethernet bypass cards To determine what is installed in your appliances see the Dashboard page Appliances that do not support HA display a warning on the Configuration High Availability page ...

Страница 871: ... IP VIP address which enables you to manage the two appliances as if they were a single unit After you enable high availability mode managing the secondary appliance through its IP address is mostly disabled with most parameters grayed out A warning message displays the reason on every page Use the HA VIP for all management tasks You can however disable the secondary appliance s HA state from its ...

Страница 872: ... to the pair Although the value defaults to zero the valid range of VRRP ID numbers is 1 through 255 Within this range you can specify any value that does not belong to another VRRP device on your network 8 In the Partner SSL Common Name field type the other appliance s SSL Common Name which is displayed on that appliance s Configuration Advanced Deployments High Availability tab in the Partner SS...

Страница 873: ... On the secondary appliance update the software and reboot After the reboot the appliance is still the secondary Verify that the installation succeeded The primary appliance should show that the secondary appliance exists but that automatic parameter synchronization is not working due to a version mismatch 3 On the primary appliance update the software and then reboot The reboot causes a failover ...

Страница 874: ...he Configuration Advanced Deployments High Availability HA tab 2 Unplug a network cable from the bridge of one appliance Call it Appliance A 3 Unplug the power cord from Appliance A 4 Restore the parameters on the other appliance Appliance B by uploading a previously saved set of parameters on the System Maintenance Backup Restore page and clicking Restore Settings Completing this operation requir...

Страница 875: ...es that can interfere with high availability mode are The other appliance is not running The HA parameters on the two appliances are not identical The two appliances are not running the same software release The two appliances do not have the same model number Incorrect or incomplete cabling between the appliances does not allow the HA heartbeat to pass between them The HA Group Mode SSL Certifica...

Страница 876: ...re which supports multiple virtual machines All branch appliances contain a SD WAN instance a management service instance and a Xen hypervisor The SD WAN instance is typically used in inline mode with the SD WAN instance interposed between the WAN router and the LAN so WAN traffic flows through the accelerated bridge The SD WAN instance can also be deployed in virtual inline mode using a single acce...

Страница 877: ...t is used to connect directly to the appliance for system administration functions You can use this port for initial provisioning of WAN optimization and Windows Server Note The LOM port also operates as a management port Four 10 100 1000Base T copper Ethernet ports numbered 1 1 1 2 1 3 and 1 4 from left to right The four ports form two accelerated pairs which function as accelerated bridges Ports...

Страница 878: ... a future release Non maskable interrupt NMI button for use at the request of Technical Support to produce a core dump You must use a pen pencil or other pointed object to press this red button which is recessed to prevent unintentional activation Single power supply rated at 300 watts 100 240 volts ...

Страница 879: ...ance The LEDs provide critical information related to different parts of the appliance Power Fail Indicates the power supply unit has failed Information LED Indicates the following Status Description Continuously ON and red The appliance is overheated This might be a result of cable congestion Blinking red 1Hz Fan failure check for an inoperative fan Blinking red 0 25Hz Power failure check for the...

Страница 880: ...a SD WAN 1000 EE appliance Figure 2 Citrix NetScaler SD WAN 1000 EE appliance back panel The following components are visible on the back panel of a SD WAN 1000 EE appliance Cooling fan Single power supply rated at 200 watts 110 240 volts Accelerated pairs of Ethernet ports apA and apB which function as accelerated bridges RS 232 serial console port One AUX Ethernet port and one management port Tw...

Страница 881: ... and 1x1 TB HDD 1 x 600 GB SSD and 1X1 TB HDD SSD dedicated Compression history 123 GB for Disk Based Compression DBC 25 GB for video caching 225 GB for Disk Based Compression DBC 50 GB for video caching RAM 32 GB 24 GB Network Interfaces 2 pair with bypass 10 100 1000 2 GigE ports for Management and AUX ports 4 x 10 100 1000 Base T copper Ethernet 2 GigE ports for Management and AUX ports Power s...

Страница 882: ...0 Allowed Relative Humidity 8 90 non condensing 5 95 Safety certifications CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe CSA EN IEC UL 60950 1 Compliant UL or CSA Listed USA and Canada CE Marking Europe Electromagnetic and susceptibility certifications FCC Part 15 Class A CCC KCC NOM SASO CITC EAC DoC CE VCCI RCM FCC Part 15 Class A CCC KCC NOM SASO CITC EAC DoC...

Страница 883: ...ce The Ethernet ports are named differently on the front panel of SD WAN 1000 EE and 2000 EE appliances in the NetScaler SD WAN instance as shown in the following table Front Panel SD WAN Instance SD WAN 1000 EE SD WAN 2000 EE MGMT Blue 0 1 LOM PRI Primary AUX 0 2 AUX Aux apA LAN1 WCCP Green 1 1 apA 1 apA WAN1 1 2 apA 2 apB LAN2 1 3 apB 1 apB WAN2 1 4 apB 2 Available to the SD WAN instance only in...

Страница 884: ...ter you mount the appliance you are ready to connect it to the network to a power source and to the console terminal that you will use for initial configuration You can also connect the appliance to a computer through Ethernet port for initial configuration On SD WAN 1000 EE appliance this port is labeled as MGMT management port and on SD WAN 2000 EE the port is labeled as PRI primary port To comple...

Страница 885: ...ix com Rack Mounting the Appliance Apr 09 2014 A SD WAN 1000 EE or 2000 EE appliance requires one rack unit Both are rack mount devices that can be installed into two post relay racks or four post EIA 310 server racks Verify that the rack is compatible with your appliance ...

Страница 886: ...nc All rights reserved p 886 https docs citrix com Rack Mounting a SD WAN 1000 EE Appliance Apr 09 2014 SD WAN 1000 EE appliance is not shipped with rails You can mount the appliance to the rack by using the front mounting ports ...

Страница 887: ...rail T o attach the inner rails to the appliance 1 Position the right inner rail behind the ear bracket on the right side of the appliance 2 Align the holes on the rail with the corresponding holes on the side of the appliance 3 Attach the rail to the appliance with the provided screws 4 Repeat steps 1 through 3 to install the left inner rail on the left side of the appliance T o install the rack ...

Страница 888: ...abeled as 1 1 and 1 2 and 1 3 and 1 4 respectively Connecting the Ethernet Cables Ethernet cables connect your appliance to the network The type of cable you need depends on the type of port used to connect to the network Use a category 5e or category 6 Ethernet cable with a standard RJ 45 connector on a 10 100 1000BASE T port T o connect an Ethernet cable to a 10 100 1000BASE T port 1 Insert the ...

Страница 889: ...to it 2 Insert the RJ 45 connector at the other end of the cable into the serial port of the computer or terminal Connecting the Power Cable A SD WAN appliance has one power supply A separate ground cable is not required because the three prong plug provides grounding Provide power to the appliance by installing the power cord Connect the other end of the power cable to a standard 110V 220V power ...

Страница 890: ...he appliance T o switch on the appliance 1 Verify that the appliance is connected through a console or Ethernet port so that you can configure the appliance after it is switched on 2 Press the ON OFF toggle power switch on the appliance 3 On SD WAN 2000 appliance verify that the LCD on the front panel is backlit and the start message appears Caution Be aware of the location of the emergency power ...

Страница 891: ...ou must configure the appropriate IP addresses on the appliance to accelerate the network traffic To perform initial configuration Identify the prerequisites for the initial configuration Record various values required in the initial configuration procedure Configure the appliance by connecting it to the Ethernet port Perform additional configuration for Windows Assign management IP address through ...

Страница 892: ...u should have physical access to the appliance In the Worksheet record all IP addresses and other values you would use to configure the appliance Preferably print out the worksheet before you start the configuration process You should already have a SD WAN license key from Citrix sent in an email If you are using remote licensing you need the IP address of the licensing server WAN Send and Receive...

Страница 893: ...conf igure the appliance by connecting a computer to the SD WAN appliance s Ethernet port 0 1 1 Set the Ethernet port address of a computer or other browser equipped device with an Ethernet port to 192 168 100 1 with a network mask of 255 255 0 0 On a Windows device this is done by changing the Internet Protocol Version 4 properties of the LAN connection as shown below You can leave the gateway an...

Страница 894: ...WAN bandwidth to avoid network congestion 19 By default WAN side adapter settings are configured on the appliance Accept the default settings 20 Click Install After the Installation process is complete the appliance restarts 21 As soon as the appliance restarts the Dashboard page appears 22 To configure the appliance to accelerate the network traffic open navigate to the Conf iguration tab Note Ma...

Страница 895: ...o continue connecting to the management service 7 Log on to the shell prompt of the appliance with the following default credentials Password nsroot 8 At the logon prompt run the following command to open the Management Service Initial Network Address Configuration menu networkconfig 9 Type 1 and press Enter to select option 1 and specify a new management IP address for the management service 10 T...

Страница 896: ...Inc All rights reserved p 896 https docs citrix com Setting up the SD WAN Appliance Nov 23 2016 To set up your NetScaler SD WAN Appliance hardware see the instructions documented in the Setting up the Appliance Hardware section ...

Страница 897: ...tion to pure forwarding modes the appliance has to account for additional types of connections including management connections to the GUI and the heartbeat signal that passes between members of a high availability pair For completeness these additional traffic modes are also listed in table below T able 1 How Ethernet and IP Addresses Determine the Mode Destination IP Address Destination Ethernet ...

Страница 898: ...ppliances to operate as an active standby high availability pair If the primary appliance fails the secondary appliance takes over Additional traffic types are listed here for completeness Pass through traf f ic refers to any traffic that the appliance does not attempt to accelerate It is a traffic category not a forwarding mode Direct access where the appliance acts as an ordinary server or clien...

Страница 899: ...ions use only the bridged ports Some SD WAN units have only the motherboard ports In this case the two motherboard ports are bridged The appliance s user interface can be accessed by a VLAN or non VLAN network You can assign a VLAN to any of the appliance s bridged ports or motherboard ports for management purposes Figure 1 Ethernet Ports The ports are named as follows T able 1 Ethernet Port Names...

Страница 900: ...ration IP Address page The speed duplex settings are set on the Configuration Interface page Notes about parameters Disabled ports do not respond to any traffic The browser based UI can be enabled or disabled independently on all ports To secure the UI on ports with IP addresses select HTTPS instead of HTTP on the Configuration Administrator Interface Web Access page Inline mode works even if a bri...

Страница 901: ...trix recommends that you purchase appliances with bypass cards for all inline deployments The bypass feature is wired as if a cross over cable connected the two ports which is the correct behavior in properly wired installations Important Bypass installations must be tested Improper cabling might work in normal operation but not in bypass mode The Ethernet ports are tolerant of improper cabling an...

Страница 902: ...Citrix Systems Inc All rights reserved p 902 https docs citrix com Two units with multiple bridges can be used in a high availability pair Simply match up the bridges so that all links pass through both appliances ...

Страница 903: ... itself to other acceleration units This address is used internally for a variety of purposes and is most visible to users as the Partner Unit field on the Monitoring Optimization Connections page If no motherboard port is enabled the appliance uses the IP address of Accelerated Pair A The Primary port is used for Administration through the web based UI A back channel for group mode A back channel...

Страница 904: ...example if one traffic stream passing through the accelerated bridge is addressed to 10 0 0 1 VLAN 100 and another is addressed to 10 0 0 1 VLAN 111 the appliance knows that these are two distinct destinations even though the two VLANs have the same IP address You can assign a VLAN to all some or none of the appliance s Ethernet ports If a VLAN is assigned to a port the management interfaces GUI an...

Страница 905: ...de Accelerating All Traffic on a WAN Note Any TCP based traffic passing through both units is accelerated No address translation proxying or per site setup is required Inline mode is auto detecting and auto configuring Configuration is minimized with inline mode because your WAN router need not be aware of the appliance s existence Depending on your configuration inline mode s link down propagation ...

Страница 906: ...ay is closed the appliance s bridge ports are inaccessible If carrier is lost on one of the bridge ports the carrier is dropped on the other bridge port to ensure that the link down condition is propagated to the device on the other side of the appliance Units that monitor link state such as routers are thus notified of conditions on the other side of the bridge Link down propagation has two operat...

Страница 907: ...ting acceleration and it should be used when practical Because all the link traffic is flowing through the appliances the benefits of fair queuing and flow control prevent the link from being overrun In IP networks the bottleneck gateway determines the queuing behavior for the entire link By becoming the bottleneck gateway the appliance gains control of the link and can manage it intelligently This is...

Страница 908: ... can install the appliance on a branch network that includes only those systems This is shown in the following figure Figure 1 Inline Mode Accelerating Selected Systems Only SD WAN traffic shaping relies on controlling the entire link so traffic shaping is not effective with this topology because the appliance sees only a portion of link traffic Latency control is up to the bottleneck gateway and int...

Страница 909: ...p 909 https docs citrix com Configuring and Troubleshooting Inline Mode Dec 26 2012 Inline mode requires only basic configuration because it is applied automatically to any packets passing through the accelerated bridge Troubleshooting is described under ...

Страница 910: ...ealth checking making troubleshooting difficult WCCP is thus the recommended mode and virtual inline is recommended only when inline and WCCP modes are both impractical The following figure shows a simple network in which all traffic destined for or received from the remote site is redirected to the appliance In this example both the local site and remote site use virtual inline mode Figure 1 Virtual...

Страница 911: ...re a single appliance each gets its own traffic back but not the traffic from the other router This mode also works with a single router Send to Gateway not recommended In this mode virtual inline output packets are forwarded to the default gateway for delivery even if they are destined for hosts on the local subnet This option is usually less desirable than the Return to Ethernet Sender option beca...

Страница 912: ... all WAN traffic passes through the appliance Note When considering routing options keep in mind that returning data not just outgoing data must flow through the appliance For example placing the appliance on the local subnet and designating it as the default router for local systems does not work in a virtual inline deployment Outgoing data would flow through the appliance but incoming data would...

Страница 913: ...process Original configuration is in normal type appliance specific configuration is in bold ip cef interface FastEthernet0 0 ip address 10 10 10 5 255 255 255 0 ip policy route map client_side_map interface FastEthernet0 1 ip address 172 68 1 5 255 255 255 0 ip policy route map wan_side_map interface FastEthernet1 0 ip address 192 168 1 5 255 255 255 0 ip classless ip route 0 0 0 0 0 0 0 0 171 68...

Страница 914: ... next hop 192 168 2 200 route map client_side_map permit 10 match ip address client_side set ip next hop 192 168 2 200 _ Each of the above examples applies an access list to a route map and attaches the route map to an interface The access lists identify all traffic originating at one accelerated site and terminating at the other A source IP of 10 10 10 0 24 and destination of 20 20 20 0 24 or vice...

Страница 915: ... 1999 2017 Citrix Systems Inc All rights reserved p 915 https docs citrix com wildcard mask in binary 1 is considered a don t care bit ...

Страница 916: ...ves the asymmetric routing problem by using the router configuration to send all WAN traffic through the appliance regardless of the WAN link used The below figure shows a simple multiple WAN link deployment example The two local side routers redirect traffic to the local appliance The FE 0 0 ports for both routers are in the same broadcast domain as the appliance The local appliance must use the defa...

Страница 917: ...deployment In virtual inline mode a pair of appliances acts as one virtual appliance Router configuration is the same for an HA pair as with a single appliance except that the Virtual IP address of the HA pair not the IP address of an individual appliance is used in the router configuration tables In this example the local appliances must use default virtual inline configuration Return to Ethernet Se...

Страница 918: ...arding failures are typically caused by errors in router configuration If the Monitoring Usage or Monitoring Connections pages show that traffic is being forwarded but no acceleration is taking place assuming that an appliance is already installed on the other end of the WAN link check to make sure that both incoming WAN traffic and outgoing WAN traffic are being forwarded to the appliance If only one...

Страница 919: ... pair The appliances each monitor the other s status by using the standard Virtual Router Redundancy Protocol VRRP heartbeat mechanism The pair has a common virtual IP address for management in addition to each appliance s management IP address If the primary appliance fails the secondary appliance takes over Failover takes approximately five seconds High availability mode is a standard feature ...

Страница 920: ...d during power outages at least one appliance must be attached to a backup power source Note The secondary appliance in the HA pair has one of its bridge ports port apA 1 disabled to prevent forwarding loops If the appliance has dual bridges apB 1 is also disabled In a one arm installation use port apA 2 Otherwise the secondary appliance becomes inaccessible when HA is enabled Primary secondary as...

Страница 921: ...s is depicted only in the middle diagram Figure 1 Cabling for High Availability Pairs Do not break the above topology with additional switches Random switch arrangements are not supported Each of the switches must be either a single monolithic switch a single logical switch or part of the same chassis If the spanning tree protocol STP is enabled on the router or switch ports attached to the applia...

Страница 922: ...e following criteria Have identical hardware as shown by on the System Hardware entry on the Dashboard page Run exactly the same software release Be equipped with Ethernet bypass cards To determine what is installed in your appliances see the Dashboard page Appliances that do not support HA display a warning on the Configuration High Availability page ...

Страница 923: ... IP VIP address which enables you to manage the two appliances as if they were a single unit After you enable high availability mode managing the secondary appliance through its IP address is mostly disabled with most parameters grayed out A warning message displays the reason on every page Use the HA VIP for all management tasks You can however disable the secondary appliance s HA state from its ...

Страница 924: ... to the pair Although the value defaults to zero the valid range of VRRP ID numbers is 1 through 255 Within this range you can specify any value that does not belong to another VRRP device on your network 8 In the Partner SSL Common Name field type the other appliance s SSL Common Name which is displayed on that appliance s Configuration Advanced Deployments High Availability tab in the Partner SS...

Страница 925: ... On the secondary appliance update the software and reboot After the reboot the appliance is still the secondary Verify that the installation succeeded The primary appliance should show that the secondary appliance exists but that automatic parameter synchronization is not working due to a version mismatch 3 On the primary appliance update the software and then reboot The reboot causes a failover ...

Страница 926: ...he Configuration Advanced Deployments High Availability HA tab 2 Unplug a network cable from the bridge of one appliance Call it Appliance A 3 Unplug the power cord from Appliance A 4 Restore the parameters on the other appliance Appliance B by uploading a previously saved set of parameters on the System Maintenance Backup Restore page and clicking Restore Settings Completing this operation requir...

Страница 927: ...es that can interfere with high availability mode are The other appliance is not running The HA parameters on the two appliances are not identical The two appliances are not running the same software release The two appliances do not have the same model number Incorrect or incomplete cabling between the appliances does not allow the HA heartbeat to pass between them The HA Group Mode SSL Certifica...

Страница 928: ...irtual machine is up and running you configure as you would configure a physical SD WAN SE WANOP appliance using the same configuration screens A SD WAN WANOP VPX virtual appliance is similar to a SD WAN Repeater 8500 series appliance including support for the SD WAN Plug in and links of up to 45 mbps Following are the key differences Except for Amazon EC2 instances licensing via remote license serve...

Страница 929: ... 1999 2017 Citrix Systems Inc All rights reserved p 929 https docs citrix com ...

Страница 930: ... 1999 2017 Citrix Systems Inc All rights reserved p 930 https docs citrix com ...

Страница 931: ... 1999 2017 Citrix Systems Inc All rights reserved p 931 https docs citrix com ...

Страница 932: ... 1999 2017 Citrix Systems Inc All rights reserved p 932 https docs citrix com ...

Страница 933: ... 1999 2017 Citrix Systems Inc All rights reserved p 933 https docs citrix com ...

Страница 934: ... 1999 2017 Citrix Systems Inc All rights reserved p 934 https docs citrix com ...

Страница 935: ... 1999 2017 Citrix Systems Inc All rights reserved p 935 https docs citrix com ...

Страница 936: ... 1999 2017 Citrix Systems Inc All rights reserved p 936 https docs citrix com ...

Страница 937: ...017 Citrix Systems Inc All rights reserved p 937 https docs citrix com Login admin Password password admin set adapter apa ip 172 16 0 213 netmask 255 255 255 0 gateway 172 16 0 1 admin restart admin password ...

Страница 938: ... 1999 2017 Citrix Systems Inc All rights reserved p 938 https docs citrix com ...

Страница 939: ... 1999 2017 Citrix Systems Inc All rights reserved p 939 https docs citrix com ...

Страница 940: ... 1999 2017 Citrix Systems Inc All rights reserved p 940 https docs citrix com ...

Страница 941: ... 1999 2017 Citrix Systems Inc All rights reserved p 941 https docs citrix com ...

Страница 942: ... 1999 2017 Citrix Systems Inc All rights reserved p 942 https docs citrix com ...

Страница 943: ... 1999 2017 Citrix Systems Inc All rights reserved p 943 https docs citrix com ...

Страница 944: ... 1999 2017 Citrix Systems Inc All rights reserved p 944 https docs citrix com ...

Страница 945: ... 1999 2017 Citrix Systems Inc All rights reserved p 945 https docs citrix com ...

Страница 946: ... 1999 2017 Citrix Systems Inc All rights reserved p 946 https docs citrix com ...

Страница 947: ... 1999 2017 Citrix Systems Inc All rights reserved p 947 https docs citrix com ...

Страница 948: ... 1999 2017 Citrix Systems Inc All rights reserved p 948 https docs citrix com ...

Страница 949: ... 1999 2017 Citrix Systems Inc All rights reserved p 949 https docs citrix com ...

Страница 950: ... 1999 2017 Citrix Systems Inc All rights reserved p 950 https docs citrix com ...

Страница 951: ... 1999 2017 Citrix Systems Inc All rights reserved p 951 https docs citrix com ...

Страница 952: ... 1999 2017 Citrix Systems Inc All rights reserved p 952 https docs citrix com ...

Страница 953: ... 1999 2017 Citrix Systems Inc All rights reserved p 953 https docs citrix com ...

Страница 954: ... 1999 2017 Citrix Systems Inc All rights reserved p 954 https docs citrix com ...

Страница 955: ... 1999 2017 Citrix Systems Inc All rights reserved p 955 https docs citrix com ...

Страница 956: ... 1999 2017 Citrix Systems Inc All rights reserved p 956 https docs citrix com ...

Страница 957: ... 1999 2017 Citrix Systems Inc All rights reserved p 957 https docs citrix com ...

Страница 958: ... 1999 2017 Citrix Systems Inc All rights reserved p 958 https docs citrix com ...

Страница 959: ... 1999 2017 Citrix Systems Inc All rights reserved p 959 https docs citrix com ...

Страница 960: ... 1999 2017 Citrix Systems Inc All rights reserved p 960 https docs citrix com ...

Страница 961: ... 1999 2017 Citrix Systems Inc All rights reserved p 961 https docs citrix com ...

Страница 962: ... 1999 2017 Citrix Systems Inc All rights reserved p 962 https docs citrix com ...

Страница 963: ... 1999 2017 Citrix Systems Inc All rights reserved p 963 https docs citrix com ...

Страница 964: ... 1999 2017 Citrix Systems Inc All rights reserved p 964 https docs citrix com ...

Страница 965: ... 1999 2017 Citrix Systems Inc All rights reserved p 965 https docs citrix com ...

Страница 966: ... 1999 2017 Citrix Systems Inc All rights reserved p 966 https docs citrix com ...

Страница 967: ... 1999 2017 Citrix Systems Inc All rights reserved p 967 https docs citrix com ...

Страница 968: ... 1999 2017 Citrix Systems Inc All rights reserved p 968 https docs citrix com ...

Страница 969: ... 1999 2017 Citrix Systems Inc All rights reserved p 969 https docs citrix com ...

Страница 970: ... 1999 2017 Citrix Systems Inc All rights reserved p 970 https docs citrix com ...

Страница 971: ... 1999 2017 Citrix Systems Inc All rights reserved p 971 https docs citrix com ...

Страница 972: ... 1999 2017 Citrix Systems Inc All rights reserved p 972 https docs citrix com ...

Страница 973: ... 1999 2017 Citrix Systems Inc All rights reserved p 973 https docs citrix com ...

Страница 974: ... 1999 2017 Citrix Systems Inc All rights reserved p 974 https docs citrix com ...

Страница 975: ... 1999 2017 Citrix Systems Inc All rights reserved p 975 https docs citrix com ...

Страница 976: ... 1999 2017 Citrix Systems Inc All rights reserved p 976 https docs citrix com ...

Страница 977: ... 1999 2017 Citrix Systems Inc All rights reserved p 977 https docs citrix com ...

Страница 978: ... 1999 2017 Citrix Systems Inc All rights reserved p 978 https docs citrix com ...

Страница 979: ... 1999 2017 Citrix Systems Inc All rights reserved p 979 https docs citrix com ...

Страница 980: ... 1999 2017 Citrix Systems Inc All rights reserved p 980 https docs citrix com ...

Страница 981: ... 1999 2017 Citrix Systems Inc All rights reserved p 981 https docs citrix com ...

Страница 982: ... 1999 2017 Citrix Systems Inc All rights reserved p 982 https docs citrix com ...

Страница 983: ... 1999 2017 Citrix Systems Inc All rights reserved p 983 https docs citrix com ...

Страница 984: ... 1999 2017 Citrix Systems Inc All rights reserved p 984 https docs citrix com ...

Страница 985: ... 1999 2017 Citrix Systems Inc All rights reserved p 985 https docs citrix com ...

Страница 986: ... 1999 2017 Citrix Systems Inc All rights reserved p 986 https docs citrix com ...

Страница 987: ... 1999 2017 Citrix Systems Inc All rights reserved p 987 https docs citrix com ...

Страница 988: ... 1999 2017 Citrix Systems Inc All rights reserved p 988 https docs citrix com ...

Страница 989: ... 1999 2017 Citrix Systems Inc All rights reserved p 989 https docs citrix com ...

Страница 990: ... 1999 2017 Citrix Systems Inc All rights reserved p 990 https docs citrix com ...

Страница 991: ... 1999 2017 Citrix Systems Inc All rights reserved p 991 https docs citrix com ...

Страница 992: ... 1999 2017 Citrix Systems Inc All rights reserved p 992 https docs citrix com ...

Страница 993: ... 1999 2017 Citrix Systems Inc All rights reserved p 993 https docs citrix com ...

Страница 994: ... 1999 2017 Citrix Systems Inc All rights reserved p 994 https docs citrix com ...

Страница 995: ... 1999 2017 Citrix Systems Inc All rights reserved p 995 https docs citrix com ...

Страница 996: ... 1999 2017 Citrix Systems Inc All rights reserved p 996 https docs citrix com ...

Страница 997: ... 1999 2017 Citrix Systems Inc All rights reserved p 997 https docs citrix com ...

Страница 998: ... 1999 2017 Citrix Systems Inc All rights reserved p 998 https docs citrix com ...

Страница 999: ... 1999 2017 Citrix Systems Inc All rights reserved p 999 https docs citrix com ...

Страница 1000: ... 1999 2017 Citrix Systems Inc All rights reserved p 1000 https docs citrix com ...

Страница 1001: ... 1999 2017 Citrix Systems Inc All rights reserved p 1001 https docs citrix com ...

Страница 1002: ... 1999 2017 Citrix Systems Inc All rights reserved p 1002 https docs citrix com ...

Страница 1003: ... 1999 2017 Citrix Systems Inc All rights reserved p 1003 https docs citrix com ...

Страница 1004: ... 1999 2017 Citrix Systems Inc All rights reserved p 1004 https docs citrix com ...

Страница 1005: ... 1999 2017 Citrix Systems Inc All rights reserved p 1005 https docs citrix com ...

Страница 1006: ... 1999 2017 Citrix Systems Inc All rights reserved p 1006 https docs citrix com ...

Страница 1007: ... 1999 2017 Citrix Systems Inc All rights reserved p 1007 https docs citrix com ...

Страница 1008: ... 1999 2017 Citrix Systems Inc All rights reserved p 1008 https docs citrix com ...

Страница 1009: ... 1999 2017 Citrix Systems Inc All rights reserved p 1009 https docs citrix com ...

Страница 1010: ... 1999 2017 Citrix Systems Inc All rights reserved p 1010 https docs citrix com ...

Страница 1011: ... 1999 2017 Citrix Systems Inc All rights reserved p 1011 https docs citrix com ...

Страница 1012: ... 1999 2017 Citrix Systems Inc All rights reserved p 1012 https docs citrix com ...

Страница 1013: ...illion addresses can be assigned to the devices connecting to the Internet IPv6 addresses this issue by using 128 bit addresses and a hexadecimal label to identify the network interfaces of devices on an IPv6 network Because IPv6 supports far more IP addresses than does IPv4 organizations and applications are gradually introducing support for the IPv6 protocol The IPv4 and IPv6 protocols are not i...

Страница 1014: ...ance By default traffic throughput is displayed by the last minute However you can change the time frame by selecting Last Minute Last Hour Last Day Last Week or Last Month from the list available on the Title bar of the page This page has three tabs Top Applications Graphs Since Last Restart and Active Applications Since Last Restart The Top Applications Graphs tab contains the following statisti...

Страница 1015: ...nks If you click the hyperlink granular details of the statistics are displayed for the link you have clicked If the appliance has served traffic for an application using IPv6 protocol the application is listed in this table along with its statistics The Since Last Restart tab contains statistics on the application traffic since the time you restarted the appliance The tab contains the Total Applic...

Страница 1016: ...er and the serial numbers of the SD WAN appliances purchased by the customers ZTD High Level Architecture and Workflow Following is a list of roles required to implement the zero touch deployment service 1 Installer installs the appliance at the branch remote location A user responsible for interacting with the service to approve branch appliances for an MCN and also responsible for logging into th...

Страница 1017: ...s passed in this interaction No approval is required from the Web Management Interface Once the appliance connects to the service it downloads the configuration and the software upgrade package 2 Optional Provide an address city state country as part of the installation process 3 Optional Perform speed tests Once the software and configuration are in place the SD WAN Administrator using the service ...

Страница 1018: ...with the new appliance These steps must be completed before the new appliance can connect to the MCN and for data to be transmitted across the SD WAN network Prerequisites for Successful Zero Touch Deployment In order for the zero touch service to function as expected following is the list of requirements that should be met in order to use the zero touch deployment service 1 The branch appliance s...

Страница 1019: ...ranch appliance should query a well known local fully qualified domain name FQDN For example ztd enterprise domain use Citrix as an example ztd citrite net The enterprise domain name itself citrate net can be obtained by the branch appliance through DHCP The complete well known enterprise domain name and the IP address the appliance resolves should be a pre configured DNS entry that is set up by the...

Страница 1020: ...guration Login to Citrix Workspace Cloud to enable ZTD agent The Zero Touch Deployment menu option is now displayed in the SD WAN center web management interface In SD WAN Center navigate to Configuration Zero Touch Deployment Deploy New Site Select an appliance and site Deploy Installer receives activation email Enter the serial number Activate Appliance is deployed successfully To configure Zero ...

Страница 1021: ...ervice the ZTD agent is automatically installed in SD WAN Center and the Zero Touch Deployment menu option becomes available 2 Go to Zero Touch Deployment menu in SD WAN Center If you are not logged into the Citrix Workspace Cloud account you are prompted to Login with Citrix Workspace Cloud user credentials Upon login the SD WAN Center is registered with ZTD agent Note that the Login screen is no...

Страница 1022: ...te and register the Zero Touch Deploymentservice When the appliance is powered on the bootstrap scriptinteracts with Zero Touch Service downloads and installs the agent 3 Navigate to the Zero Touch Deployment welcome page in SD WAN Center under the Deploy New Site tab select the saved network configuration file ...

Страница 1023: ...e Installer Email address Add additional notes if required Click Send Activation Link A message indicating that The Site configuration has been deployed appears The network configuration for the selected branch sites from SD WAN Center configuration file is copied into the Citrix Cloud Workspace when you select Deploy 5 Select the Pending Activation tab Observe the branch site information populated in...

Страница 1024: ...nt interface After the administrator deploys a new site and sends an activation link the installer at the Branch site will activate the link and provide the serial number of the SD WAN 410 SE appliance 6 Check your mailbox to obtain the activation link received and click on the link 7 The page redirects to the Zero Touch Deployment Service page Enter the Serial Number of the appliance and click Ac...

Страница 1025: ...ter you click Activate the Zero Touch Deployment Service screen displays different deployment stages as seen below Waiting for Installer Connecting Downloading Config Applying Config Activated Observe that on the Pending Activation tab page in the SD WAN Center web management interface the status for Branch 1 Site is displayed as Applying Config ...

Страница 1026: ...applied and activated on the Branch site which has the SD WAN 410 SE appliance deployed 10 In the SD WAN Center web management interface the Zero Touch Deployment menu now displays the activated Branch site under the Activation History tab 11 Login to SD WAN 410 SE web management interface and view that the Virtual WAN service is enabled and the 410 SE appliance has acquired the configuration define...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды