Citrix SD-WAN WANOP 10.2 User manual

Citrix SD-WAN WANOP 10.2
Citrix Product Documentation | docs.citrix.com October 27, 2020

Contents
About Citrix SD-WAN WANOP
Get started with Citrix SD-WAN WANOP
Select an appliance based on capacity
Select the deployment mode based on datacenter topology
Sites with one WAN router
Sites with multiple WAN routers
Appliance failure handled in various deployment modes
Supported mode and feature matrix
Configure Citrix SD-WAN WANOP plug-in with Access Gateway VPNs
Deploy SD-WAN WANOP VPX on Microsoft Azure
SD-WAN WANOP upgrading procedure
Initial Configuration
Prerequisites
Deployment Worksheet
Configuring the Appliance
Assigning a Management IP Address through the Ethernet Port
Assigning a Management IP Address through the Serial Port
Provisioning the Appliance
Deployment Modes
Customizing the Ethernet ports
Port Parameters
Accelerated Bridges (apA and apB)
Motherboard Ports
© 1999-2020 Citrix Systems, Inc. All rights reserved. 2

VLAN Support
Customizing the Ethernet ports
Ethernet Bypass and Link-Down Propagation
Accelerating an Entire Site
Partial-Site Acceleration
Configuring and Troubleshooting Inline Mode
WCCP Mode
WCCP Mode (Non-Clustered)
WCCP Clustering
Virtual Inline Mode
Configuring Packet Forwarding on the Appliance
Router Configuration
Virtual Inline for Multiple-WAN Environments
Virtual Inline Mode and High-Availability
Monitoring and Troubleshooting
Group Mode
When to Use Group Mode
How Group Mode Works
Enabling Group Mode
Forwarding Rules
Monitoring and Troubleshooting Group Mode
Customizing the Ethernet ports
How High-Availability Mode Works
Cabling Requirements
Other Requirements
Management Access to the High-Availability Pair
Configuring the High-Availability Pair
Updating Software on a High-Availability Pair
Saving/Restoring Parameters of a high availability Pair
Troubleshooting High Availability Pairs
Two box mode
FAQs
Acceleration
CIFS and MAPI
Compression
RPC over HTTPS
SCPS
Secure peering
SSL Acceleration
Citrix SD-WAN WANOP plug-in
Traffic shaping
Upgrade (OS) Process
Video caching
Office 365 Acceleration
Compression
HTTP acceleration
How HTML5 works
Internet Protocol version 6 (IPv6) acceleration
Link definitions
Manage link definitions in traffic shaping
Configure link definitions
Manage and monitor using Citrix Application Delivery Management
Citrix Cloud Connector
Configure cloud connector tunnel
Configure cloud connector tunnel between two datacenters
Configure cloud connector tunnel between a datacenter and AWS/Azure
Office 365 acceleration
SCPS support
Secure traffic acceleration
Secure peering
CIFS, SMB2, and MAPI
Configure Citrix SD-WAN WANOP appliance to optimize secure Windows traffic
Configure CIFS and SMB2/SMB3 acceleration
Configure MAPI acceleration
SSL compression
How SSL compression works
Configure SSL compression
SSL Compression with Citrix SD-WAN WANOP plug-in
RPC over HTTP
TCP Flow-Control acceleration
Lossless and transparent flow control
Speed optimization
Auto-discovery and auto-configuration
TCP flow control modes
Firewall considerations
Traffic classification
Application classifier
Service classes
Traffic shaping
Weighted fair queuing
Traffic shaping policies
Video caching
Video caching scenarios
Configure video caching
Video prepopulation
Verify video caching
Manage video caching sources
WAN insight
Asymmetric routing
Citrix SD-WAN WANOP client plug-in
Hardware and software requirements
How WANOP plug-in works
Deploy appliances for use with plug-ins
Customize plug-in’s MSI file
Deploy plug-ins on Windows
Citrix SD-WAN WANOP plug-in GUI
Update Citrix SD-WAN WANOP plug-in
XenApp and XenDesktop acceleration
Configure XenApp acceleration
Optimize Citrix Receiver for HTML5
Deployment modes
Adaptive transport interoperability
XenServer 6.5 upgrade
Maintenance
Diagnostics
Troubleshooting
CIFS and MAPI
Citrix SD-WAN WANOP plug-in
RPC over HTTPS
Video caching
XenApp and XenDesktop acceleration

About Citrix SD-WAN WANOP
July 8, 2020
Citrix SD-WAN WANOP appliances optimize your WAN links, giving your users maximum responsiveness and throughput at any distance. A Citrix SD-WAN WANOP appliance is easy to deploy, because it works transparently. A twenty-minute installation accelerates your WAN traffic with no other configuration required. You do not have to change your applications, servers, clients, or network infrastructure. You can, however, change them after Citrix SD-WAN WANOP installation without affecting traffic acceleration. A Citrix SD-WAN WANOP appliance needs reconfiguration only when your WAN links change.
Citrix SD-WAN WANOP appliances support a full range of optimizations, including:
• Multi-session compression with compression ratios of up to 10,000:1.
• Protocol acceleration for Windows network file systems (CIFS), XenApp (ICA and CGP, including the new multi-session ICA standard), Microsoft Outlook (MAPI), and SSL.
• Traffic shaping to ensure that high-priority and interactive traffic takes precedence over low-priority or bulk traffic.
• Advanced TCP protocol acceleration, which reduces delays on congested or high-latency links.
• Video caching.
How Citrix SD-WAN WANOP works
Citrix SD-WAN WANOP products work in pairs, one at each end of a link, to accelerate traffic over the link. The transformations done by the sender are reversed by the receiver.
However, one appliance (or virtual appliance) can handle many links, so you do not have to dedicate a pair to each connection.
An enterprise typically has one Citrix SD-WAN WANOP appliance per site (larger appliances at larger sites, smaller ones at smaller sites), though a company with numerous branch offices might have multiple appliances at its central data center.
A link from a site with a Citrix SD-WAN WANOP appliance to a site that does not have a Citrix SD-WAN WANOP appliance functions normally, but its traffic is not accelerated.
Citrix SD-WAN WANOP features include robust compression for brisk performance over relatively slow links, and lossless flow control to deal with congestion. TCP optimizations overcome the main limitations of problematic links, and application optimization does away with the limitations of applications designed for high-speed, local networks. An autodetection feature makes deployment quick and easy.
Citrix SD-WAN WANOP features and benefits
Any time workers spend waiting for their computers to respond is lost time, resulting in lost productivity. When users work remotely or use off-site resources, their productivity depends on the responsiveness of their network connections. Safeguarding the responsiveness of their connections requires advanced network acceleration.
The Citrix SD-WAN WANOP product line protects your productivity by providing reliable WAN and Internet link performance through a set of multiple, interlocking optimizations, each reinforcing the others. To provide maximum productivity across your entire enterprise, there are Citrix SD-WAN WANOP products for every need, from the largest data center through the smallest branch office and even the individual laptop.
Citrix SD-WAN WANOP provides robust usability even with undersized or degraded links.
Features at a glance:
For more information, see the table
Features and benefits:
The following are some of the key benefits of our Citrix SD-WAN WANOP product line.
Compression overcomes low link speeds. The most obvious problem with wide-area network (WAN) links and Internet links is their low bandwidth compared to local-area networks (LANs). A 1 Mbps WAN has only 1% of the throughput of a 100 Mbps LAN. How do you overcome low link bandwidth? With compression. A compression ratio of 100:1 enables a 1 Mbps link to transfer data as quickly as a 100 Mbps link. This speedup factor is achieved whenever the following criteria are met:
• The compression algorithm must be able to deliver high compression ratios.
• The compression algorithm must be very fast (much faster than the link bandwidth, and ideally as fast as the LAN).
• The LAN segments of the link must have flow control that is independent of the WAN segment, because the different segments handle data at different rates.
• Multiple compression engines must be used to handle the different needs of different kinds of traffic. Interactive traffic requires relatively little bandwidth but is very sensitive to delay, while bulk-transfers are very sensitive to bandwidth but are insensitive to delay.
TCP protocol acceleration overcomes congestion. Any attempt to send traffic faster than the link speed results in congestion, which results in many problems caused by high packet losses and high queuing latency.
Lossless flow control. The TCP/IP protocol has no flow control to slow senders down directly, and the absence of this necessary control mechanism makes packet losses and excessive queuing delays normal, even on mission-critical links. (If anything, this problem is getting worse over time, as papers on the phenomenon of bufferbloat attest.)
A Citrix SD-WAN WANOP appliance solves this problem by providing the flow control that was omitted from the TCP/IP protocol. Unlike ordinary quality of service (QoS) solutions, which simply reallocate packet loss, Citrix SD-WAN WANOP provides lossless flow control that controls the rate at which the endpoint senders transmit data, instead of allowing senders to transmit data at any speed they like, and dropping packets when they send too much. Each sender transmits only as much data as Citrix SD-WAN WANOP allows it to send, without ever dropping a packet, and this data is placed on the link at exactly the right rate to keep the link full without overflowing. By eliminating excess data, Citrix SD-WAN WANOP is not forced to discard it. Without Citrix SD-WAN WANOP, the dropped packets have to be sent again, causing unnecessary delays. Lossless flow control also eliminates delays caused by excessive buffering. Lossless flow control is the key to maximum responsiveness on a busy link, enabling a link that was once congested to the point of unusability at 40% utilization to remain productive and responsive at 95% utilization.
Eliminating distance-based unfairness. Links with high latency or packet losses are difficult to use at full bandwidth, especially with ordinary TCP variants such as TCP Reno. The consequences are excessive delays and difficulty in getting the bandwidth that you are paying for. The longer the link distance, the worse the problem becomes.
Citrix SD-WAN WANOP TCP protocol acceleration minimizes these effects, allowing intercontinental and even satellite links to run at full speed.
Traffic shaping manages bandwidth automatically. On the output side, a fair-queuing-like algorithm ensures that each connection is independently queued and given its fair share of the link bandwidth. Traffic-shaping policies allow different services to be given higher or lower precedence.
Application optimizations overcome design limitations. Applications and protocols designed for use on local-area networks are notorious for poor performance over wide-area networks, because the designers did not consider the effects of long speed-of-light delays on their protocols. For example, a simple Windows file system (CIFS) operation can take up to 50 round trips as messages pass back and forth across the network. In a wide-area network with a 100 ms round-trip time, 50 round trips cause a delay of five seconds.
Although speed-of-light delays are a fundamental limitation, application optimizations can perform the same operations in a smaller number of round-trips, usually through speculative operations. Where the original application would issue one command at a time and wait for it to complete before issuing the next one, it is often perfectly safe to issue a series of commands without waiting. In addition, data transfers can be accelerated through a combination of pre-fetching, read-ahead, and write-behind operations. By packing as many operations as possible into a single round trip, performance can be increased tenfold or more.
Citrix SD-WAN WANOP optimizations are especially effective on CIFS/SMB (the Windows file system), MAPI (the Outlook/Exchange protocol), and HTTP.
Multiple optimizations enhance XenApp/XenDesktop (Citrix HDX) performance. Because Citrix SD-WAN WANOP appliances are Citrix products, they are especially effective at accelerating Citrix protocols, such as XenApp and XenDesktop. Every aspect of Citrix SD-WAN WANOP acceleration comes into play with these protocols to make the remote user experience as productive as possible.
Citrix SD-WAN WANOP appliances negotiate session options with XenApp and XenDesktop servers. This allows the Citrix SD-WAN WANOP appliance to apply the following enhancements:
• It replaces the server’s native compression with higher-performance Citrix SD-WAN WANOP compression.
• It bases the connection’s traffic-shaping priority on the priority bits embedded in every XenApp and XenDesktop connection. This allows the priority of the connection to vary according to the type of traffic. For example, interactive tasks are high-priority tasks and print jobs are low-priority tasks.
• It gathers and reports statistics based on the XenApp or XenDesktop applications being used.
• It maintains the end-to-end encryption of the original connection.
Auto detection for minimal configuration. Because the solution is double-ended, requiring that a Citrix SD-WAN WANOP product be present at both ends of the link, deployment would seem to impose a burden on remote offices, especially ones without dedicated IT staff. However, Citrix SD-WAN WANOP is designed to be very easy to install and maintain. A typical installation takes about twenty minutes. The only parameters needed are the usual network parameters (such as IP address and subnet mask), the address of a Citrix license server, and the send and receive speed of the link.
Requiring only a minimal level of configuration is possible because of autodetection, through which a Citrix SD-WAN WANOP determines which connections can be accelerated (and which cannot), without any manual configuration. A Citrix SD-WAN WANOP at the other end of the link is automatically detected, and the connection is then accelerated. You can add Citrix SD-WAN WANOP appliances to your network in an ad hoc fashion. You do not even have to inform the existing appliances of the arrival of a new one. They discover it for themselves.
A Citrix SD-WAN WANOP uses TCP header options to report its presence and to negotiate acceleration parameters with the remote Citrix SD-WAN WANOP. Because TCP header options are part of the TCP standard, this method works very well, except in cases where firewalls are programmed to reject all but the most common options. Such firewalls exist, but they can be configured to allow the options used by Citrix SD-WAN WANOP to pass through.
Citrix SD-WAN WANOP operations are transparent to both the sender and receiver. The other devices in your network are not aware that Citrix SD-WAN WANOP exists. They continue working just as they did before Citrix SD-WAN WANOP installation. This transparency also eliminates any need to install special software on your servers or clients in order to benefit from Citrix SD-WAN WANOP acceleration. Everything works transparently.
Product line capabilities:
Every product in the Citrix SD-WAN WANOP product line provides basic Citrix SD-WAN WANOP acceleration features. Most models have additional features as well, such as:
• Video caching
• Multiple accelerated bridges with Ethernet bypass feature
• Monitoring and management through the GUI, CLI, SNMP, AppFlow, and Citrix ADM.
Different Citrix SD-WAN WANOP products have different capabilities. Products that support higher WAN bandwidths also support more users and typically have more resources: more CPU power, more memory, larger disk, and more accelerated bridges.
The capabilities of products that run on your own hardware, such as the Citrix SD-WAN WANOP Plug-in and Citrix SD-WAN WANOP VPX, depend on the speed of the hardware and the amount of system resources that you dedicate to acceleration.
For up-to-date specifications, see the Citrix SD-WAN Product Data Sheet.
Citrix SD-WAN WANOP architecture
Citrix SD-WAN WANOP appliances accelerate the traffic over your WAN links. To accelerate a WAN, you need at least two Citrix SD-WAN WANOP appliances, one for each site you wish to accelerate.
The sender-side Citrix SD-WAN WANOP appliance applies a series of optimizations and transformations to your traffic, such as compression and encryption. Many operations require that the receiver-side Citrix SD-WAN WANOP perform an inverse operation, such as decompression or decryption, to restore the traffic to its original state.
Thus, most optimizations require that the traffic pass through two Citrix SD-WAN WANOP appliances. Some optimizations are single-ended, and are performed by the local appliance acting alone. These optimizations include traffic shaping and video caching.
Citrix SD-WAN WANOP appliances are largely transparent to the network. The appliance itself appears to be a bridge, not a router, gateway, or proxy. This invisibility allows the appliance to be installed without configuring any other hardware. The appliance optimizations are also transparent, detected only by the partner appliance at the other end of the link.
Citrix SD-WAN WANOP appliances can be added to the network at will, because their auto-detection and auto-negotiation features ensure that a new appliance on the network is immediately detected by other appliances, and acceleration begins at once.
Although the diagram above shows a network with just two appliances, a single Citrix SD-WAN WANOP appliance can communicate with any number of partner sites. Point-to-point, hub-and-spoke, and mesh networks are all supported.
In addition to stand-alone appliances, Citrix SD-WAN WANOP acceleration products include virtual
machines (the Citrix SD-WAN WANOP VPX series) and an installable acceleration service for Windows
systems (the Citrix SD-WAN WANOP Plug-in).
What acceleration means
In Citrix SD-WAN WANOP terminology, “acceleration” is the reduction of transaction time, which reduces the time users spend waiting. Because the time that users spend waiting represents a direct productivity loss, acceleration’s main benefit is increased productivity.
In network traffic, a transaction ranges from very small—a single byte of data in a telnet or SSH terminal session—to very large, as with FTP transfers, which often exceed a gigabyte in size. A practical accelerator has to accelerate the entire range of transaction sizes, from interactive traffic to bulk traffic, giving the best performance and user experience across the board. Citrix SD-WAN WANOP technology achieves this in a variety of ways.
How acceleration works: The pipeline
To see how the Citrix SD-WAN WANOP appliance works, take a close look at the diagram of the traffic-flow pipeline. As you can see, there are two pipelines:
1. The sending pipeline, which accelerates data entering the WAN from the local LAN.
2. The receiving pipeline, which accelerates data exiting the WAN and entering the local LAN.
Send pipeline
To understand the appliance, consider the sending pipeline one unit at a time.
1. Input buffer. Packets from the LAN are received by the appliance. Because non-TCP/IP traffic is optimized only by the traffic shaper, non-TCP packets are diverted directly to the traffic shaper. The TCP/IP traffic (called TCP traffic from now on) traverses the rest of the pipeline.
2. Video Cache. If the TCP traffic matches the settings for the video cache, the request is handed off to the video cache unit.
3. LAN-side auto-detection. Other than traffic shaping, sender-side optimizations require that there be a remote appliance as well as the local appliance. Any connections that don’t pass through a remote appliance are diverted to the traffic shaper. This action is performed by the LAN-side auto-detection logic. The actual test for a remote appliance is done by the WAN-side auto-detection unit.
4. LAN-side flow control. Citrix SD-WAN WANOP acts as a transparent TCP proxy, receiving and acknowledging packets from the endpoint sender on behalf of the endpoint receiver. This allows the appliance to accept large amounts of data from the local sender very quickly, at full LAN speeds, regardless of how slowly traffic is moving over the WAN. (Normal TCP uses end-to-end speed control, which is not agile enough to allow maximum performance.) In addition, Citrix SD-WAN WANOP flow control is lossless, meaning that the local sender never sees a dropped packet, increasing reliability and efficiency.
5. Application engines. Citrix SD-WAN WANOP performs specific optimizations for several protocols, including:
• XenApp and XenDesktop, using the ICA and CGP protocols.
• Windows Filesystem (CIFS, including the SMB1 and SMB2 versions)
• Outlook/Exchange (MAPI)
These optimizations reduce transaction time. This is done through rewriting, combining, and reordering commands, using read-ahead and write-behind, using a knowledge of the protocol for more advanced traffic shaping, and compression hinting.
6. Compression engine. Compression makes the transactions smaller, reducing the time it takes to transfer the data over the link. The Citrix SD-WAN WANOP compressor uses multiple compression algorithms, some very efficient for small transactions, some optimized for bulk transactions, and some for midsize transactions. Compression ratios of 10,000:1 are readily achieved by the Citrix SD-WAN WANOP compressor. The compressor is very fast, allowing high compression ratios to be maintained at full WAN speeds. With Citrix SD-WAN WANOP processing, a file that compresses at a 100:1 ratio can easily be sent over a 1 Mbps link with an overall throughput of 100 Mbps.
7. Security engine. Some Citrix SD-WAN WANOP features require that the two appliances enter a secure peer relationship with each other, and with the origin server. The security engine authenticates this peer relationship and encrypts the accelerated data connections between them. A secure peer relationship allows the use of SSL compression and the acceleration of encrypted XenApp/XenDesktop (ICA/CGP), Windows Filesystem (CIFS), and Outlook/Exchange (MAPI) traffic.
8. WAN-side flow control and auto-detection. The WAN link is where traffic slowdowns occur, and if the link is congested, packets are lost and must be retransmitted. Retransmitting packets always causes a significant delay, sometimes lasting more than one second. The WAN-side flow-control unit uses advanced retransmission elements and an advanced TCP/IP protocol for maximum performance in both “clean” and “troubled” links. The auto-detection unit identifies the presence of a partner Citrix SD-WAN WANOP unit on a connection-by-connection basis, which prevents optimizations from being used where they are not wanted, and allows new appliances to be detected by the existing ones as soon as they are added to the network. Auto-detection uses options in the TCP header field. This is normally transparent but might be blocked by some firewalls, which need to be reconfigured.
9. Application classifier. This unit examines all the traffic flowing through Citrix SD-WAN WANOP and identifies which application or protocol it belongs to. This information is used in reporting and by the traffic shaper.
10. Traffic shaper. To avoid congestion, excessive queuing, and other sources of avoidable delays, the traffic shaper injects traffic onto the WAN at slightly less than the WAN’s data rate, to ensure that the WAN is never overrun. A weighted fair queuing algorithm is used to ensure that all traffic gets its fair share of the link bandwidth. Traffic-shaping policies allow different traffic types to receive different weights, so that some traffic gets more bandwidth than others.
Receive pipeline
The pipeline in the receiving direction is similar to the sending direction, except that instead of encrypting, it decrypts, and instead of compressing, it decompresses. Also, note that there is a traffic shaper in the receiving direction as well, applying traffic-shaping policies to incoming WAN traffic, so that both directions are regulated.
Auto-detection and packet-level transformation
The auto-detection algorithm inserts TCP header options to announce the presence of a Citrix SD-WAN
WANOP appliance and to facilitate negotiation. These options are in the range of 24-31. The following
packet-level transformations are used:
• On the initial packet of the connection (the SYN packet), the sending appliance attaches header options identifying itself as a Citrix SD-WAN WANOP appliance, and also declaring other capabilities, such as compression. This is called a “tagged SYN packet.”
• Upon receiving a tagged SYN packet, the receiving appliance attaches header options to the SYN-ACK packet, identifying itself in turn and announcing its capabilities.
• Once the sending appliance receives the tagged SYN-ACK packet, the connection can be accelerated according to whatever capabilities are shared by both appliances. For example, the connection is compressed if both appliances declared support for compression.
• The TCP initial sequence numbers (ISNs) in both directions are altered by adding 2,000,000,000 to the original values. This is a precaution that prevents the connection from continuing if one appliance fails or has a routing change that prevents it from seeing all the traffic in the connection. Once a connection is accelerated, it must remain accelerated throughout its lifetime.
• The MSS value is reduced, typically to 1380 bytes, to ensure that each packet has room for the
inserted Citrix SD-WAN WANOP TCP header options.
• The IP addresses and port numbers of the connection remain unchanged.
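The packet-level behaviour listed above can be checked from a capture when a firewall is suspected of blocking auto-detection. The following Python is an added example, not Citrix code: it parses a raw TCP header, reports the MSS and any options in the 24-31 range, and compares the same SYN captured on both sides of a middlebox. It assumes the 24-31 range refers to TCP option kind numbers; the sample headers, the helper names, and the payload of option kind 24 are constructed for illustration.

```python
import struct

WANOP_OPTION_KINDS = range(24, 32)  # kinds 24-31, the range given in the text
ISN_OFFSET = 2_000_000_000          # added to the ISN in both directions


def build_tcp_header(seq, flags, options=b""):
    """Build a raw TCP header for the constructed samples (checksum left 0)."""
    options += b"\x01" * (-len(options) % 4)   # NOP-pad to a 32-bit boundary
    words = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 445, seq, 0,
                       words << 4, flags, 65535, 0, 0) + options


def parse_tcp_options(tcp_header):
    """Return [(kind, data), ...] for the options in a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, out, i = tcp_header[20:data_offset], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without a length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def summarize(tcp_header):
    """Extract the fields the auto-detection description refers to."""
    mss, tagged = None, []
    for kind, data in parse_tcp_options(tcp_header):
        if kind == 2 and len(data) == 2:       # Maximum Segment Size
            mss = struct.unpack("!H", data)[0]
        elif kind in WANOP_OPTION_KINDS:
            tagged.append(kind)
    return {"seq": struct.unpack("!I", tcp_header[4:8])[0],
            "syn": bool(tcp_header[13] & 0x02),
            "mss": mss, "tagged_kinds": tagged}


def isn_shifted(original_isn, observed_isn):
    """True if observed_isn equals original_isn + 2,000,000,000 modulo 2**32
    (TCP sequence numbers are 32-bit, so the addition wraps)."""
    return (observed_isn - original_isn) % 2**32 == ISN_OFFSET


def compare_syn(wan_side, past_firewall):
    """List what a middlebox changed between two captures of the same SYN."""
    a, b = summarize(wan_side), summarize(past_firewall)
    findings = []
    lost = [k for k in a["tagged_kinds"] if k not in b["tagged_kinds"]]
    if lost:
        findings.append(f"option kinds {lost} stripped: peer will not auto-detect")
    if a["mss"] != b["mss"]:
        findings.append(f"MSS changed {a['mss']} -> {b['mss']}")
    if a["seq"] != b["seq"]:
        findings.append("sequence number rewritten in transit")
    return findings


# Constructed samples. The two payload bytes of option kind 24 are placeholders;
# the page does not describe the contents of the options.
CLIENT_ISN = 3_000_000_000
MSS_1380 = b"\x02\x04" + struct.pack("!H", 1380)
TAG = bytes([24, 4, 0xAA, 0xBB])
WAN_ISN = (CLIENT_ISN + ISN_OFFSET) % 2**32
TAGGED_SYN = build_tcp_header(WAN_ISN, 0x02, MSS_1380 + TAG)
STRIPPED_SYN = build_tcp_header(WAN_ISN, 0x02, MSS_1380 + b"\x01" * 4)

if __name__ == "__main__":
    print(summarize(TAGGED_SYN))
    print("ISN shifted:", isn_shifted(CLIENT_ISN, summarize(TAGGED_SYN)["seq"]))
    for finding in compare_syn(TAGGED_SYN, STRIPPED_SYN):
        print("finding:", finding)
```

A SYN that leaves the appliance tagged but arrives with the tag replaced by padding points to the firewall between the two capture points as the reason connections pass through unaccelerated.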
Pre-acknowledgement
The SYN and SYN-ACK packets flow from end to end:
• The SYN packet flows from the endpoint client, through the client-side appliance, over the WAN,
through the server-side appliance, and finally to the server.
• The SYN-ACK packet flows from the server, through the server-side appliance, over the WAN, through the client-side appliance, and finally to the client.
The same is true for the final packets of the connection, the FIN, FIN-ACK, and RST packets.
Other packets, however, are pre-acknowledged. For example, when the server-side appliance receives a packet from the server, it acknowledges it over the LAN right away, and buffers it for eventual transmission over the WAN. This allows the server-side appliance’s buffers to be filled very quickly, so it always has plenty of data to use for compression and other optimizations. (This is very different from normal TCP operation, where all acknowledgements come from the opposite side of the WAN, making acknowledgement very slow, and forcing every segment of the connection to move no faster than the slowest segment, greatly reducing the effectiveness of acceleration.)
Move traffic into and out of the appliance
Citrix SD-WAN WANOP appliances have a number of “forwarding modes.” A forwarding mode is a method of getting traffic into and out of the appliance. The most common is inline mode, where the Citrix SD-WAN WANOP appears to be a bridge device. Packets entering on one bridge port appear to exit the other one. Of course, Citrix SD-WAN WANOP transforms data in a variety of ways, so in many cases the packet exiting the second port is not identical to the one that entered the first port, but that is how it appears to the rest of the network.
Where inline mode is not practical, several other methods are available, most notably WCCP mode.
These are “one-arm” modes, using a single interface cable.
Tip
You can manage and monitor your Citrix SD-WAN WANOP appliances using Citrix ADM. For more information, see Managing Citrix SD-WAN instances using Citrix ADM.
Get started with Citrix SD-WAN WANOP
December 14, 2018
Deploying Citrix SD-WAN WANOP appliances successfully is not difficult, but improper deployments can cause problems and provide inadequate acceleration. Be sure to select appliances with sufficient capacity for the links that you want them to accelerate. Product selection is also one of the factors to consider when deciding how best to fit the appliances into your topology.
The most basic deployment criteria are:
• All packets in the TCP connection must pass through a supported combination of two acceleration units (Citrix SD-WAN WANOP appliances or Plug-ins).
• Traffic must pass through the two acceleration units in both directions.
When these criteria are met, acceleration is automatic.
Acceleration Enhances Performance when Traffic Passes through Two Appliances
For sites with only one WAN network, these criteria can be met by placing the Citrix SD-WAN WANOP
appliance inline with the WAN. In more complex sites, other options are available. Some, such as
WCCP support, are available on all models. Others are available on certain models only. Therefore,
the needs of a more complex site might limit your choice of appliances.
When evaluating your options, consider the importance of keeping various segments of your network up and running in the event that a device fails or has to be disabled. For inline deployments, Citrix recommends an Ethernet bypass card. This card, which is optional on Citrix SD-WAN WANOP appliances, has a relay that closes if the appliance fails, allowing packets to pass through even if power is lost or removed.
Redundancy is a consideration for all types of deployments. Citrix SD-WAN WANOP appliances offer different types of redundancy:
• SD-WAN WANOP 4000/5000 appliances have dual power supplies.
• SD-WAN WANOP 4000/5000 appliances have redundant disk drives.
• Appliances can be used in high-availability mode (two redundant appliances with automatic failover). This mode is supported on all models.
Note
For more information on Citrix SD-WAN WANOP appliances and deployment modes, see the SD-WAN WANOP platform documentation.
Select an appliance based on capacity
November 22, 2018
For proper operation, your Citrix SD-WAN WANOP appliance must have adequate resources to support the number of WAN links that you want to accelerate, and to support all of the users of those links.
Three capacities are important when selecting a Citrix SD-WAN WANOP appliance: link capacity (bandwidth), user capacity, and disk capacity.
Link capacity
When selecting a Citrix SD-WAN WANOP appliance, the most important factor is that it support your WAN links. If your site has a single WAN link, your appliance should support your link speed. For example, a Citrix SD-WAN WANOP 2000-010 supports links of up to 10 Mbps, which would be suitable for an 8 Mbps link but not a 12 Mbps link. If your site has multiple links that are to be accelerated by a single appliance, the appliance should support the total speed of all these WAN links added together.
The maximum supported speed is determined by a combination of the appliance hardware and the product license. The licensed bandwidth limit is the maximum link speed that is supported by the license.
Product                        Licensed WAN BW Range
Current Products
SD-WAN WANOP Plug-in           N/A
SD-WAN WANOP 400               2-6 Mbps
SD-WAN WANOP 800               2-10 Mbps
SD-WAN WANOP 2000, 2000WS      10-50 Mbps
SD-WAN WANOP 3000              50-155 Mbps
SD-WAN WANOP 4000              310-1,000 Mbps
SD-WAN WANOP 5000              1,500-2,000 Mbps
SD-WAN WANOP VPX               1-45 Mbps
Table 1. Licensed Bandwidth Limits by Product Line
XenApp/XenDesktop user capacity
Each appliance is rated for a maximum number of XenApp or XenDesktop users. This value should not be exceeded when your deployment uses XenApp or XenDesktop. If you are not using XenApp or XenDesktop, consider this number a rough guide to the number of users of other applications.
Product                        Maximum Users
SD-WAN WANOP Plug-in           1
SD-WAN WANOP 400               10-30
SD-WAN WANOP 800               20-100
SD-WAN WANOP 2000, 2000WS      100-300
SD-WAN WANOP 3000              300-500
SD-WAN WANOP VPX               20-350
SD-WAN WANOP 4000              750-2,500
SD-WAN WANOP 5000              3,500-5,000
Table 2. XenApp/XenDesktop User Capacity
Disk size
Disk space is used mostly for compression history, and more disk space results in greater compression performance.
The SD-WAN WANOP 4000/5000 series offers from 1.8 TB to 2.4 TB of disk capacity. That compares to 2.1 TB for the SD-WAN WANOP 3000, 470 GB for the SD-WAN WANOP 2000, 80 GB for the SD-WAN WANOP 800, and 40 GB for the SD-WAN WANOP 400. SD-WAN WANOP VPX has a disk capacity of 100-500 GB. Ideally, an appliance should have a disk capacity larger than the cycle time of the link’s data. For example, a link carrying mostly daily update traffic should have 24 hours of disk capacity or more. With a link carrying mostly user sessions, this window can be smaller. (A 1 Mbps link can transfer about 10 GB per day at full speed.)
Table 3. Examples of Data Lifetime for Disk Sizes
Appliance Model                Link Speed 1 Mbps   Link Speed 10 Mbps   Link Speed 100 Mbps   Link Speed 1000 Mbps
Data lifetime at 33% link utilization
SD-WAN WANOP 800               23 days             2.3 days             NA                    NA
SD-WAN WANOP 2000, 2000WS      141 days            14 days              NA                    NA
SD-WAN WANOP 5000              717 days            72 days              7.2 days              17 hours
Data lifetime at 100% link utilization
SD-WAN WANOP 800               8 days              19 hours             NA                    NA
SD-WAN WANOP 2000, 2000WS      47 days             4.7 days             NA                    NA
SD-WAN WANOP 5000              239 days            24 days              2.4 days              6 hours