Citrix NetScaler EE Operating and maintenance instructions
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com
Overview
What's New
Release Notes
NetScaler SD-WAN 9.1.1 Release Notes
NetScaler SD-WAN 9.1.2 Release Notes
Before You Begin
System Requirements
Acquiring the NetScaler SD-WAN Software Packages
NetScaler SD-WAN Software Packages and Appliance Models
NetScaler SD-WAN Appliance Packages
Preparing for Your Deployment
Installation and Configuration Information Checklist
Deployment
Installing and Deploying a SD-WAN VPX Standard Edition on VMware ESXi
Setting up the Master Control Node (MCN) Site
Adding and Configuring the Branch Sites
Configuration
Configuring Virtual WAN Service
Configuring the Virtual Path Service Between the MCN and Client Sites
NetScaler SD-WAN 9.1
Jun 13, 20 17
The NetScaler SD-WAN product was formerly called "CloudBridge". Refer to the links below to access CloudBridge
documentation.
CloudBridge
CloudBridge 9.0 CloudBridge 8.1 CloudBridge 8.0 CloudBridge 7.4 CloudBridge 7.4 CloudBridge 7.3
For information on NetScaler SD-WAN WO 9.1 installation, deployment, and feature configuration, please
refer CloudBridge 7.4 documentation.
NetScaler SD-WAN
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.2https://docs.citrix.com
Enabling and Configuring WAN Optimization
Monitoring
Viewing Statistical Information
Viewing Flow Information
Viewing Reports
How-To-Articles
Virtual Routing and Forwarding
How To Configure Routing Domain
How To Configure Routes
How To Select Routing Domain for Intranet Service
How To Configure Interface Groups
How To Configure Virtual IP Addresses
How To Configure Virtual IP Address Identity
How To Configure GRE Tunnels
How To Configure Access Interface
How to Customize Classes
How to Add Custom Applications and Enable MOS
How to Create Rules
Use Cases
Dynamic Routing
OSPF
iBGP
eBGP
Standby WAN Links
Secure Web Gateway
Use Cases - Virtual Route Forwarding
Deploying SD-WAN in Gateway Mode
Deploying SD-WAN in PBR mode (Virtual Inline Mode)
Building a SD-WAN Network
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.3https://docs.citrix.com
Dynamic Paths for Branch to Branch Communication
Configuring Static WAN Paths
Routing Support for LAN Segmentation
Utilizing Enterprise Edition Appliance to Provide WAN Optimization Services Only
Licensing
Provisioning Licensing
License Procedure
Upgrade
Upgrade to 9.1 With Working Virtual WAN Configuration
Upgrade to 9.1 Without Virtual WAN Configuration
Convert SD-WAN 1000 / 2000 WANOP Appliances to Enterprise Edition With USB
Converting Existing Appliance to Enterprise Edition Appliance
About SD-WAN VPX Standard Edition
NetScaler SD-WAN VPX-SE Installation Requirements and Prerequisites
Differences Between a VPX-SE and a WANOP VPX Installation
Overview of VPX Installation and Deployment Procedures
NetScaler SD-WAN VPX-SE Installation and Configuration Information Checklist
Getting Started
NetScaler SD-WAN Management Web Interface
Installing the SD-WAN Appliance Packages on the Clients
Preparing the SD-WAN Appliance Packages on the MCN
Connecting the Client Appliances to Your Network
Setting up the SD-WAN Appliances
Route Filtering
IPSec Tunnel Termination and Monitoring
How to Configure IPSec Tunnels for Virtual and Dynamic Paths
How To Configure IPsec Tunnel Between SD-WAN and Third-Party Devices
How To Add IKE Certificates
How To View IPSec Tunnel Configuration
IPSec Monitoring and Logging
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.4https://docs.citrix.com
DHCP Client and Server Management
Link State Propagation
Multiple Net Flow Collectors
Network Objects
QoS Fairness With RED
SNMP MIBs
MPLS QoS Queues
NetScaler SD-WAN Center 9.1
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.5https://docs.citrix.com
Overview
Oct 04, 20 16
The NetScaler SD-WAN product was formerly called "CloudBridge". Similar to the previous product portfolio, NetScaler SD-
WAN is available in three different editions, allowing you to deploy the features you need at each location with easy
upgrades, configuration, and monitoring.
All references to the term “CloudBridge” is applicable to the new product term “NetScaler SD-WAN”.
For more information about the NetScaler SD-WAN platform editions, see the product datasheet and product portfolio at:
https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/netscaler-sd-wan-datasheet.pdf and
https://www.citrix.com/products/netscaler-sd-wan/platforms.html.
NetScaler SD-WAN Platform Editions
There are three NetScaler SD-WAN Editions each with a different set or subset of NetScaler SD-WAN features.
NetScaler SD-WAN Enterprise Edition (EE) – This Edition includes both Standard Edition and WAN Optimization
features. Enterprise Edition Integrates WAN virtualization with WAN optimization capabilities to optimize branch and
mobile user experience and to achieve fully resilient applications regardless of network quality For release 9.1, Enterprise
Edition is available for the 1000-VW and 2000-VW branch hardware appliances, only.
NetScaler SD-WAN Standard Edition (VW/SE) – This Edition includes Standard Edition Virtual WAN features, only. It
supports software-defined WAN capability to create a highly reliable network from multiple network links and to ensure
that each application takes the best path to achieve the highest application performance.
NetScaler SD-WAN Optimization Edition (WANOP) – T his Edition includes WAN Optimization features, only. It
supports application acceleration, data reduction and protocol control to optimize applications across the WAN.
Optionally, it can include virtual Windows Server to simplify branch infrastructure and mobile PC plug-in capability.
Note
The WANOP Edition and Standard/Enterprise Edition are separate hardware platforms running different software.
In a data center, administrators can deploy one Standard Edition and one WANOP Edition to achieve Enterprise Edition capabilities. In
the branch office, administrators can choose to deploy either a Standard Edition or WANOP Edition. Alternatively, the benefits of
both Standard and WANOP Editions can be accomplished by deploying a single Enterprise Edition at the branch office.
See the Licensing section, for more information about the license options available for using NetScaler SD-WAN platform
editions.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.6https://docs.citrix.com
Release Notes
Oct 09, 2016
This release notes describes the new features, enhancements, known issues, and fixed issues applicable to Citrix NetScaler
SD-WAN software release 9.1 for the SD-WAN Standard Edition and Enterprise Edition appliances.
For information about the previous product called CloudBridge Virtual WAN and CloudBridge Enterprise Editions, see the
CloudBridge Virtual WAN Administration Guide.
Aslo, for information about WAN OP edition, refer to the CloudBridge 7.4.x documentation.
Limitations
Enterprise Edition appliances cannot be joined to Active Directory Domains. To accelerate file or Microsoft Exchange
servers in a branch, a standalone WAN Optimization deployment is required.
Secure peering is required for WAN optimization of signed SMB or encrypted MAPI traffic. This is only supported on data
path IPs and is not supported over the management IPs.
Automatic Secure peering of an Enterprise Edition appliance from a standalone WAN Optimization appliance requires
that the datacenter side WAN Optimization appliance is running release 7.4.x or later.
Virtual WAN Enterprise Edition does not support WAN optimization of SSL traffic.
Known Issues
Release 9.1
We b Manageme nt Interf a ce
Issue ID 636005: Single bundle upgrade of NetScaler SD-WAN from release 8.1 or 9.0 to 9.1 fails if using Internet Explorer
version 11.0
If you use Internet Explorer version 11.0 to connect to the web management interface and navigate to
Configuration > System Maintenance > Update Software, the following error message appears when you
attempt to perform a single bundle Virtual WAN or SD-WAN upgrade from release 8.1.x or 9.0.x to release 9.1.x:
An error occurred while transfer of software to change management system. No space file =
C:\Users\Administrator.NSLB1\Downloads\ CB-VW-PKG-9.1.0.114.upg
Workaround: Use a different web browser, such as Mozilla Firefox or Google Chrome.
Issue ID 659515: NetScaler SD-WAN web interface freezes at the Quick Install Wizard page.
Description: T he Quick Install Wizard page appears instead of the admin login page when a NetScaler SD-
WAN VPX WANOPT instance deployed on VMware (OVA template) or HyperV (XVA template) with the 9.1
software image is restarted. After the restart, the SD-WAN web interface freezes at the Quick Installation
page, and clicking the Skip Install button does not work. Also, the Install button on the Quick Installation
page is not enabled. The web interface stays frozen on the Quick Installation page.
Workaround: Skip the Quick Installation wizard by clicking the Dashboard tab, then the Monitoring tab, and then
the Configuration tab in the web interface. Configuration otherwise available through the quick install wizard has to
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.7https://docs.citrix.com
be performed manually through the web interface options available on the Configuration page.
ICA Connectivity and Client Session
Issue ID 658696: LINUX VDA version field for ICA Session information on WAN OPT appliance is blank or empty
Description: In a LINUX VDA session on a WAN OPT appliance, the VDA version field in the session information
table at ICA Advanced > Session/Conn is empty.
Issue ID 660501: Session Reconnection of NetScaler SD-WAN WAN OPT client fails with HTML5 Receiver version 2.1.
Description: When you attempt to reconnect to a NetScaler SD-WAN WAN OPT client session through
XenDesktop or XenServer with HT ML5 Receiver version 2.1, the session reconnect fails.
Steps:
1. In XenDeskop, click Launch application through the HTML5 Receiver.
2. In the storefront setting, select Always use HTML5 receiver.
3. Disrupt the connection for more than a minute, and they try to reconnect. The session reconnect fails and
the XenDesktop session closes with an error.
Licensing
Issue ID 659809: DBV check support for Remote Licensing Server configuration on Virtual-WAN and SD-WAN appliances
Description: T he DBV check fails and the appliance becomes unlicensed after an upgrade, if the Maintenance
date is expired, and when the customer has Remote License configured on the SD-WAN.
Workaround: Ensure that the Maintenance date in the license file is more recent than the Built date of the SD-WAN
or Virtual-WAN software image that is being upgraded.
Networking and Security
Issue ID 653039: IPsec Rekey based on Data (KB) not working properly
Description: In this release, NetScaler SDWAN does not support IPsec tunnel Rekey based on the assigned data
(Kilo Bytes). After the available data KB is exhausted, the IPsec tunnel is not brought down and rekeying does
not work. No data loss is observed.
Configure an IPsec Tunnel between the SD-WAN appliance Intranet and third-party appliance in the SD-WAN
network and set IKE and IPsec Lifetime in seconds to 3600 seconds, set IPsec Lifetime in KB to 500 KB. Use the
ping command to send basic ICMP traffic (for example, ping 6.2.1.1 -I 5.2.1.1 -s 1000 – i 0.001). Generate enough
traffic so that the IPsec SA lifetime in KB uses 500KB.
During this phase, the IPsec Rekey has to happen before expiration of Lifetime in KB, but the IPsec Tunnel is
deleted after data expiration and packets are dropped. The new IPsec tunnel is established after a few seconds.
Root Cause: All IKE/IPSec generated events are placed in an event queue with a timestamp attached to each entry
within the queue. When the queue timestamp expires, the queued event is processed, and the entry is removed from
the queue. In the case of data expiry, a duplicate entry already present in the event queue does not allow the rekey
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.8https://docs.citrix.com
to occur.
SNMP
Issue ID 655068: The SNMP MIB table entry query for the management interface returns incorrect values.
Description: In the management interface, the values of the SNMP query table fields for Bytes Sent, Packets
Sent, Bytes Received, Packets Received, and Bytes Dropped fields are zero (0). Only the Packets Dropped field
has a larger value.
Workaround: Use the following command to obtain the table output:
snmptable -v2c -c public <ip> -Cb CITRIX-NetScaler-SD-WAN-MIB::sdWANStatsEthernetInterfaceTable
Issue ID 660821: The SNMP MIB table entry query for Dynamic WAN paths displays “0” instead of no entries when
Dynamic WAN Paths are not configured.
Description: Each field of the Dynamic WAN Path snmptable -v2c -c public -Cb <ip> CITRIX-NetScaler-SD-WAN-
MIB::sdWANStatsDynamicWANClassTable displays a zero (0) instead of no entry.
Platf orm
Issue: On the 4000 Standard Edition appliances, the link state for 10G interface is not propagated when the 10G link
becomes inactive. The link states for all other 1G interfaces are propagated correctly.
SD-WAN Center
Issue ID 580103: E-Mail and Syslog event notifications not displayed for the PATH event type in SD-WAN Center.
Description: In the SD-WAN Center web interface, events raised for WAN PATH objects from the MCN are visible
in the Event Viewer, but the email or syslog notifications are not available.
Issue: Direct upgrade from previous releases to 9.1 is not supported for SD-WAN Center
Description: Upgrading SD-WAN Center from release 8.x or 9.0.x to 9.1 requires an intermediate upgrade to
Release 9.0.1 build 1000.
Workaround: T he intermediate upgrade is not required if you use a new software image of Release 9.1 SD-WAN
center.
Release 9.0.1
Issue ID 640507: Auto secure peering feature will not work over TLS1.2 until support is added to Data Path Access.
Currently TLS1.2 support is limited to Management Path Access only.
command COPY
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.9https://docs.citrix.com
- Workaround: Auto secure peering has to be performed over HTTPS configuration using the default "Any
Protocol" and then the configuration can be moved to "TLS1.2".
Issue ID 641505: Direct upgrade of MCN from version 8.1 to 9.0.1 on VPX on a VMware ESXi server fails.
- Workaround: Upgrade to version 9.0 first and then to 9.0.1.
Release 9.0
Issue ID 608355 : When Citrix XenServer private networks are deployed for CloudBridge VW VPX along with CloudBridge
WAN Optimization VPX, the ‘Checksum.SendForceSW’ parameter available through the support.html page on the WAN
OPT web interface must be turned off.
Issue ID 580103: In Virtual WAN Center, events raised for WAN PAT H objects are visible in the Event Viewer, but are not
available for email or syslog notifications.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.10https://docs.citrix.com
NetScaler SD-WAN 9.1.1 Release Notes
Dec 19, 20 16
These release notes describe the new features, enhancements, known issues, and fixed issues applicable to Citrix NetScaler
SD-WAN software release 9.1.1. The list of known issues is cumulative, that is, it includes issues that are newly found in this
release and also issues from previous releases.
Note
This release note document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix
security bulletin.
The [# XXXXXX] labels for issue descriptions are internal tracking IDs used by the SD-WAN support team.
What's New
The following new features and enhancements were introduced in NetScaler SD-WAN for Release 9.1.1.
New Appliance Support
Support for new Standard Edition appliance; 410-SE. 410-SE is a small, affordable 1U appliance suitable for smaller
branch offices. It supports WAN speeds of up to 150 Mbps.
For more information, see the SD-WAN 400 and 410 Standard Edition hardware documentation.
Licensing
Support for 300 Mbps SKU on 2000-SE appliance.
Enhancements
SNMP MIBs
ENH0655072 - Support for adding enterprise MIB object to provide Service Uptime and Appliance Uptime information
(values).
Fixed Issues
OSPF Neighbor relationship traffic does not pass through the NetScaler SD-WAN 4000 appliance
Issue ID: 604657 - The multicast packets used for creating OSPF neighbor relationship between routers are not
observed when Virtual WAN service is enabled on SD-WAN 4000 appliance, but is working fine on the 2000 and VPX
appliances.
Workaround: None
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.11https://docs.citrix.com
Known Issues
New Hardware Platf orm - Configuration
Issue ID 667650: Configuration of 410-SE appliance through default management IP address is not supported.
When you reset a new factory-shipped 410-SE appliane to the factory configuration, it acquires a default DHCP
IP address. If you connect the appliance's management port to another device for example; laptop and attempt to use the
default static IP address (192.168.100.1) to configure the appliance, the IP address of the appliance is lost.
Workaround: Use the acquired default DHCP IP address for configuration or use the serial console.
Issue ID 668128: Default IP address is lost when applying local change management with no assigned DHCP IP address
on the 410-SE appliance.
If you reset a factory-shipped 410-SE appliance to it's factory configuration, the appliance acquires a default
DHCP IP address. If you then remove the appliance from the DHCP network and restart it, it acquires the default IP
address (192.168.100.1). Typically, you connect the appliance's management port to another device for example; laptop and
use the default static IP address (192.168.100.1) to access the web management interface and install the license. When you
then apply Local Change Management, click Activate and click Done, the appliance's default IP address is lost. It also no
longer has the DHCP IP address because it was removed from DHCP network.
Workaround: Reboot the appliance or use the serial console.
Licensing
Issue ID 666146: SD-WAN WANOP License page might not refresh when Local License file is uploaded.
Workaround: Wait for a few seconds, and then refresh the page or navigate to a different node and then click on
the Licensing page again.
Diagnostics - NetScaler SD-WAN WANOP 4 000 and 5000
Issue ID 668321: On NetScaler SD-WAN WANOP 4000 or 5000 appliances, the Erase All Files option on
the Diagnostics page of the GUI does not work.
In the SD-WAN WANOP GUI, under Configuration > Diagnostics > Diagnostics Files, the Erase All Files option
does not erase/delete/remove all the Diagnostics files.
Expected Behavior: All diagnostic files should be removed when you click Erase All Files.
Workaround: Use the Erase button to delete individual files.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.12https://docs.citrix.com
NetScaler SD-WAN 9.1.2 Release Notes
Jan 17, 2017
These release notes describe the new features, enhancements, known issues, and fixed issues applicable to Citrix NetScaler SD-WAN software release 9.1.2. The list of known issues is cumulative,
that is, it includes issues that are newly found in this release and also issues from previous releases.
Note
This release note document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
The [# XXXXXX] labels for issue descriptions are internal tracking IDs used by the SD-WAN support team.
Enhancements
OSPF routing enhancements
SD-WAN OSPF routes can now be advertised as Intra-area routes (Type 5 or Type 1) to participate in OSPF path selection as per it's route cost set. This prevents complex PBR configurations when
deploying SD-WAN in one-arm and non-Citrix networks.
Support for WAN Edge HA (Serial HA)
Fixed Issues
New Hardware Platf orm - Configuration
Issue ID 667650: Configuration of 410-SE appliance through default management IP address is not supported.
When you reset a new factory-shipped 410-SE appliane to the factory configuration, it acquires a default DHCP IP address. If you connect the appliance's management port to another
device for example; laptop and attempt to use the default static IP address (192.168.100.1) to configure the appliance, the IP address of the appliance is lost.
Issue ID 668128: Default IP address is lost when applying local change management with no assigned DHCP IP address on the 410-SE appliance.
If you reset a factory-shipped 410-SE appliance to it's factory configuration, the appliance acquires a default DHCP IP address. If you then remove the appliance from the DHCP network
and restart it, it acquires the default IP address (192.168.100.1). Typically, you connect the appliance's management port to another device for example; laptop and use the default static IP address
(192.168.100.1) to access the web management interface and install the license. When you then apply Local Change Management, click Activate and click Done, the appliance's default IP address is
lost. It also no longer has the DHCP IP address because it was removed from DHCP network.
Licensing
Issue ID 666146: SD-WAN WANOP License page might not refresh when Local License f ile is uploaded.
Diagnost ics - NetS c a le r SD-WAN WANOP 400 0 and 5000
Issue ID 668321: On NetScaler SD-WAN WANOP 4000 or 5000 appliances, the Erase All Files option on the Diagnostics page of the GUI does not work.
In the SD-WAN WANOP GUI, under Configurat ion > Diagnostics > Diagnost ics Files, the Erase All Files option does not erase/delete/remove all the Diagostics files.
Incorrect CLI output f or Connection Idle Timeout
Issue ID 671169: Discrepancy between CLI output and GUI display f or Connection Idle Timeout parameter
The show-config-script command output displays the Connection Idle T imeout parameter as disabled even when it is Enabled in the GUI and vice-versa.
Workaround: None
Known Issues
Net Scaler SD-WAN VPX sof tware downgrade failure from release 9.1.2 t o 9.1.0
Isuse ID 662369: Software downgrade from release 9.1.2 to 9.1.0 fails on SD-WAN VPX appliances
Downgrading software version from 9.1.2 to 9.1.0 on NetScaler SD-WAN VPX appliances in XenServer, VMWare ESXi, and AWS environments fails. All SD-WAN services are disabled and both
GUI and CLI become unresponsive.
Workaround: None
Net Scaler SD-WAN WANOP VPX web management interface
Issue ID 629687: Unable to access the GUI on SD-WAN WANOP VPX appliance
After you import and configure the two apA NetScaler SD-WAN WANOP VPX adapters with DHCP IP address f rom the VPX console, and then shut down and restart the VPX, the NetScaler
SD-WAN WANOP VPX appliance is restarted and you can navigate to the Network adapters page in the GUI. Configure the primary adapter IP address in the GUI and reboot the appliance as
prompted. Now, you cannot access the GUI using the primary adapter configuration.
Workaround: Configure the primary adapter IP address in the CLI and enable web management. Reboot the appliance as prompted. You can access the GUI without any issues.
Routing-OSPF Link-St a te Adve rtisement (LS A) ID Collision
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.13https://docs.citrix.com
Issue ID 671213: LSA ID collisions are observed in OSPF Type-1 deployment
A NetScaler SD-WAN appliance does not support OSPF Type-1 LSAs when deployed as an Area Border Router (ABR) in OSPF Type-1 Intra Area stub-networks.
Net Scaler SD-WAN 2000 Enterprise Edit ion (WANOP service) - DHCP and Static IP address warning message
Issue ID 671528: When a NetScaler SD-WAN 2000 EE appliance is in factory default state, the appliance acquires both DHCP IP address and static IP address. The following warning message is
displayed when you access the web management interface with the default static IP address (192.168.100.1);
This appliance has both DHCP IP address (162.198.10.10/24) and factory default IP
address (192.168.100.1/16). If you want to use static IP address, it is required to update your management network IP address settings before proceeding with ANY other configuration steps.
If
you disable WAN Optimization on this SD-WAN 2000 EE appliance and apply configuration from the Local Change Management and Activat e it, the web management interface displays
previous warning message instead of the following warning message;
Failed to apply configuration on for WAN OP service
.
This warning message is overwritten by the previous warning message.
Workaround: None
Net Scaler SD-WAN 5100 SE and 2000 SE gat eway IP address is not updated even af ter moving t he appliance to another DHCP net work
Issue 671131: The NetScaler SD-WAN 5100 SE and 2000 SE appliances acquire DHCP IP address f rom the DHCP server in which they are configured. When you configure the appliances in another
network with a dif ferent DHCP server, the appliances acquire the DHCP IP address from the newly configured DHCP server. However, the gateway IP address of the appliances is not changed and
still shows the gateway IP address from the previously configured DHCP network. This issue does not occur with DNS configuration.
Workaround: Reboot the appliances to obtain the correct gateway IP address and DHCP IP address f rom the configured DHCP network.
SSL Secure Peering not est ablished between 4 000/5000 appliances configured at t he branch site and data center
Issue 665823: After you provision SSL secure tunnel configuration and instances on the 4000 and 5000 appliances with factory image version 9.1.2, the following message is displayed on the
appliances configured at the branch site:
unable to activate signalling listener for the following IP/TCP ports.
Workaround: Reboot the appliance f or secure peering functionality to work.
Gateway IP address of CB-VW is not getting Changed even after moving the CB to another network(different DHCP server)
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.14https://docs.citrix.com
What's New
Oct 27, 20 16
The following new features and enhancements were introduced in NetScaler SD-WAN (Standard and Enterprise Editions)
for Release 9.1.
Networking
Support for Virtual Routing and Forwarding and Virtual IP address identification through the Routing Domain
configuration.
Dynamic Routing capability by implementing OSPF and BGP protocols:
- Learn about route changes in the network through OSPF and BGP (single Autonomous system).
- Support for internal BGP (iBGP) and external (eBGP).
- Ability to configure OSPF and BGP parameters from the configuration editor.
- Advertise route updates within the routing domain through OSPF and BGP protocols.
- Ability to filter learned routes based on configured filters.
- Support for maximum of 16000 routes at each site (static and dynamic). The maximum routes that can be configured is independent of the
number of routing domains available.
Ability to view the date and time for a BGP session in the web interface under Diagnose > Dynamic Routing Protocols
> BGP State.
Route Learning through import filters to learn routes from peer routers to establish OSPF adjacency and bgp peering.
Export Filters are used to include or exclude routes for advertisement of virtual path routes between sites or locally
created static routes through OSPF and BGP based on route filtering.
Support for IPsec Tunnel termination and monitoring between two SD-WAN sites, or between a SD-WAN appliance and
non-SD-WAN appliance.
QoS Classification and fairness by using Random Early Detection (RED).
Manageability
DHCP client support on untrusted interfaces on the branch nodes to obtain IP addresses dynamically from a server for
the access interface through the Netscaler SD-WAN appliance configured as DHCP client. A MCN node cannot be
configured as DHCP client.
Simplified network configuration DHCP relay and server supported on the SD-WAN appliance management port.
In the web interface, the option to Purge Flows has been moved to Diagnose > Purge Flows and the status of DHCP
Client WAN Links is now displayed under Manage Appliance > Local Network Settings.
Support for enhanced Match Criteria Rules through VLAN ID and Routing.
Ability to configure three Multiple Net Flow Collectors.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.15https://docs.citrix.com
Ability to configure Link State Propagation (LSP) for a bypass pair. LSP keeps the link state of a bypass pair synchronized
allowing attached devices on the other end of a link to detect when the link is down. When one port of a bypass pair
becomes inactive, the coupled port is brought down administratively. When the disrupted port is restored, its
corresponding port is automatically brought back up. This achieves faster failure detection and remedy for minimal
packet loss.
SNMP and CLI features support for SD-WAN Standard and Enterprise Editions.
SD-WAN Center support on XenServer hypervisor.
Security Support
Secure web gateway support for ZScaler Interoperability using GRE encapsulation.
NetScaler SD-WAN New Feature Summary
NetScaler SD-WAN introduces Virtual Routing and Forwarding while providing additional security and manageability through
network segregation. It also introduces Dynamic Routing which allows the Standard and Enterprise edition appliances to
discover LAN subnets, advertise virtual path routes, and fit seamlessly into networks using the IBGP, EBGP, and OSPF routing
protocols while eliminating the need for static route configuration. NetScaler SD-WAN allows network administrators to
secure site-to-site IPsec Tunnels on SD-WAN and third-party appliances.
In addition to the routing enhancements, the introduction of WAN Link IP Address Learning enables the Standard and
Enterprise edition appliances to automatically learn WAN Link IP addresses on untrusted interfaces and reduce
configuration times. The Link of Last Resort feature saves costs by configuring specific WAN Links which will only be utilized
for user traffic when all other available WAN Links become unavailable.
For more information about each of these supported features, refer to the topics listed on the left navigation panel.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.16https://docs.citrix.com
Licensing
Oct 06, 2016
NetScaler SD-WAN License Options
There are three NetScaler SD-WAN Editions each with a different set or subset of NetScaler SD-WAN features. The type
of license you install determines only the NetScaler SD-WAN Standard Edition or Enterprise Edition appliances, and is only
applicable to the 1000-VW and 2000-VW platforms. It does not apply to the WANOP platforms.
The current licensing model does not support all three editions for all the different platform models available.
Note
When installing and applying a license, make sure that your specific appliance supports the NetScaler SD-WAN Edition you want to
enable, and that you have the correct software version in place.
NetScaler SD-WAN Platform Software Support
The following table illustrates which NetScaler SD-WAN platforms are supported for each of the available NetScaler SD-
WAN software versions.
Version WAN Optimization Edition Standard Edition Enterprise Edition
R.7.X Yes — —
R.8.X — Yes —
R.9.0 — Yes Yes
R 9.1 Yes Yes Yes
NetScaler SD-WAN 9.1 introduced a new set of licenses specific to the SD-WAN solution. Earlier version of licenses,
including those compatible with release 7.x, are not supported with the NetScaler SD-WAN release. The existing process to
obtain NetScaler SD-WAN licenses remains consistent with the CloudBridge 8.0.x, and 9.0.x releases. Once obtained, the
licenses can be activated through the appliance’s management web interface.
The following table lists all the appliance models supported in NetScaler SD-WAN 9.1. release:
Platf orm Edition License Model
Standard VPX VPX-10-VW, VPX-20-VW, VPX-50-VW, VPX-100-VW
Standard 400 400-010-VW, 400-020-VW, 400-050-VW
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.17https://docs.citrix.com
Standard 1000 1000-020-VW, 1000-050-VW, 1000-100-VW
Standard 2000 2000-100-VW, 2000-200-VW
Standard 4000 4000-300-VW, 4000-500-VW, 4000-1000-VW, 4000-2000-VW
Standard 5100 5100-1000-VW, 5100-2000-VW, 5100-3000-VW, 5100-4000-VW
Enterprise 1000 1000-010-EE, 1000-020-EE, 1000-050-EE, 1000-100-EE
Enterprise 2000 2000-100-EE, 2000-200-EE, 2000-250-EE
WANOP VPX VPX 2, VPX 6, VPX 10, VPX 20, VPX 50, VPX 100, VPX 200
WANOP 400 400-2, 400-6
WANOP 800 800-2, 800-6, 800-10
WANOP1000 1000-6, 1000-10, 1000-20
WANOP 2000 2000-10, 2000-20, 2000-50
WANOP 3000 3000-50, 3000-100, 3000-155
WANOP 4000 4000-310, 4000-500, 4000-1000
WANOP 5000 5000-1500, 5000-2000
Platf orm Edition License Model
VPX models allow 2, 6, 10, 20, 50, 100, and 200 Mbps bandwidth licenses. At least two 2.1 GHZ CPUs are required in order to
support the VPX instances.
Before you can download the software, you must obtain and register a NetScaler SD-WAN
software license. For instructions on obtaining a NetScaler SD-WAN software license, please contact Citrix NetScaler SD-
WAN Customer Support. Instructions for uploading and installing the license file on your appliances are provided in the
section, Uploading and Installing the SD-WAN Software License File. However, before installing the license, you must first
set up the appliance hardware, and set the date and time for the appliance.
Returning and Reallocating Licenses
To return or reallocate a license, you must use the Citrix NetScaler SD-WAN Licensing Portal. You also have the option to
use the Licensing Portal for license allocation. For instructions, see the Knowledge Base article entitled, “My Account All
Licensing Tools User Guide,” at this location:
http://support.citrix.com/article/ctx131110
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.18https://docs.citrix.com
Provisioning Licensing
Sep 15, 20 16
The license procedure for provisioning licensing for SD-WAN platform editions covers the following topics:
Supported SD-WAN license model for 9.0
Remote License Server support for SD-WAN VPX-SE appliances
Pre-requisites for using Remote License Server
Use Cases
Deployment scenarios supported for 9.1
Remote License server reachable in Management network (without using data/aPA Ports)
Remote License server in the Branch network
SD-WAN VPX-SE - PBR Deployment in the Branch Office
Deployment scenarios not supported for 9.1
Remote License server deployed in Data Center (data/apA Ports)
Import SD-WAN VPX-SE license on XenServer/ESXi 9.1
Local License
Remote License
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.19https://docs.citrix.com
License Procedure
Oct 06, 2016
Pre-requisites for using Remote License Server for SD-WAN appliances.
NT P should be configured for both License server and SD-WAN (date and time should be in-sync)
Remote License Server version should be 11.13.1 or earlier.
It is recommended that you use the latest License Server version:
Release 9.1: 11.13.1 L.S
Release 9.0: 11.13.1 L.S
Release 8.1: 11.12.1 L.S
Use Cases
1. Remote license server reachable through the management network without using data/apA Ports.
2. Remote license server in the Branch network.
3. SD-WAN VPX-SE - PBR deployment in the Branch office.
Deployment scenarios not supported f or 9.1
4. Remote license server deployed in Data Center reachable through the data/apA Ports.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.20https://docs.citrix.com
Local License
Importing SD-WAN VPX-SE license deployed on XenServer/ESXi:
1. In the SD-WAN web management interface, navigate to Configuration > Appliance Settings > Licensing.
2. Select Local and upload the License. Click Upload and Install.
3. Save your changes by clicking Apply Settings.
Remote License
1. In the SD-WAN web management interface, navigate to Conf iguration > Appliance Settings > Licensing.
2. Select Remote and enter the Remote Server-IP address details.
This manual suits for next models
3
Other Citrix Network Hardware manuals
Popular Network Hardware manuals by other brands
Cabletron Systems
Cabletron Systems SPECTRUM FRX6000 Installation & setup guide
BlueNet Video
BlueNet Video BB01 instruction manual
Juniper
Juniper SSR120 Hardware guide
Enerwave
Enerwave WF15RM installation instructions
Huawei
Huawei CR52K-2xPOS/STM64 Specifications
PairGain
PairGain PG-Flex FSU-796 Quick reference guide
