Citrix Sd-wan wanop 10.2 User manual

Citrix SD-WAN WANOP 10.2

Citrix Product Documentation | docs.citrix.com October 27, 2020

Citrix SD-WAN WANOP 10.2

Contents

About Citrix SD-WAN WANOP 3

Get started with Citrix SD-WAN WANOP 12

Select an appliance based on capacity 13

Select the deployment mode based on datacenter topology 16

Sites with one WAN router 17

Sites with multiple WAN routers 19

Appliance failure handled in various deployment modes 22

Supported mode and feature matrix 22

Configure Citrix SD-WAN WANOP plug-in with Access Gateway VPNs 25

Deploy SD-WAN WANOP VPX on Microso Azure 27

SD-WAN WANOP upgrading procedure 32

Initial Configuration 34

Prerequisites 35

Deployment Worksheet 36

Configuring the Appliance 39

Assigning a Management IP Address through the Ethernet Port 39

Assigning a Management IP Address through the Serial Port 41

Provisioning the Appliance 42

Deployment Modes 46

Customizing the Ethernet ports 48

Port Parameters 49

Accelerated Bridges (apA and apB) 50

Motherboard Ports 51

Citrix SD-WAN WANOP 10.2

VLAN Support 52

Customizing the Ethernet ports 52

Ethernet Bypass and Link-Down Propagation 53

Accelerating an Entire Site 54

Partial-Site Acceleration 54

Configuring and Troubleshooting Inline Mode 55

WCCP Mode 55

WCCP Mode (Non-Clustered) 59

WCCP Clustering 66

Virtual Inline Mode 72

Configuring Packet Forwarding on the Appliance 73

Router Configuration 73

Virtual Inline for Multiple-WAN Environments 77

Virtual Inline Mode and High-Availability 78

Monitoring and Troubleshooting 78

Group Mode 78

When to Use Group Mode 79

How Group Mode Works 80

Enabling Group Mode 81

Forwarding Rules 82

Monitoring and Troubleshooting Group Mode 83

Customizing the Ethernet ports 84

How High-Availability Mode Works 85

Cabling Requirements 86

Citrix SD-WAN WANOP 10.2

Other Requirements 86

Management Access to the High-Availability Pair 87

Configuring the High-Availability Pair 87

Updating Soware on a High-Availability Pair 88

Saving/Restoring Parameters of an high availability Pair 89

Troubleshooting High Availability Pairs 90

Two box mode 90

FAQs 94

Acceleration 95

CIFS and MAPI 95

Compression 97

RPC over HTTPS 99

SCPS 100

Secure peering 101

SSL Acceleration 102

Citrix SD-WAN WANOP plug-in 103

Traic shaping 108

Upgrade (OS) Process 109

Video caching 117

Oice 365 Acceleration 122

Compression 124

HTTP acceleration 130

How HTML5 works 132

Internet Protocol version 6 (IPv6) acceleration 134

Citrix SD-WAN WANOP 10.2

Link definitions 139

Manage link definitions in traic shaping 141

Configure link definitions 142

Manage and monitor using Citrix Application Delivery Management 147

Citrix Cloud Connector 148

Configure cloud connector tunnel 152

Configure cloud connector tunnel between two datacenters 154

Configure cloud connector tunnel between a datacenter and AWS/Azure 159

Oice 365 acceleration 165

SCPS support 177

Secure traic acceleration 178

Secure peering 178

CIFS, SMB2, and MAPI 183

Configure Citrix SD-WAN WANOP appliance to optimize secure Windows traic 185

Configure CIFS and SMB2/SMB3 acceleration 201

Configure MAPI acceleration 208

SSL compression 210

How SSL compression works 211

Configure SSL compression 213

SSL Compression with Citrix SD-WAN WANOP plug-in 221

RPC over HTTP 222

TCP Flow-Control acceleration 225

Lossless and transparent flow control 226

Speed optimization 227

Citrix SD-WAN WANOP 10.2

Auto-discovery and auto-configuration 229

TCP flow control modes 230

Firewall considerations 232

Traic classification 233

Application classifier 234

Service classes 236

Traic shaping 241

Weighted fair queuing 242

Traic shaping policies 244

Video caching 247

Video caching scenarios 249

Configure video caching 252

Video prepopulation 257

Verify video caching 264

Manage video caching sources 266

WAN insight 268

Asymmetric routing 272

Citrix SD-WAN WANOP client plug-in 274

Hardware and soware requirements 275

How WANOP plug-in works 276

Deploy appliances for use with plug-ins 285

Customize plug-in’s MSI file 288

Deploy plug-ins on Windows 290

Citrix SD-WAN WANOP plug-in GUI 295

Citrix SD-WAN WANOP 10.2

Update Citrix SD-WAN WANOP plug-in 299

XenApp and XenDesktop acceleration 299

Configure XenApp acceleration 300

Optimize Citrix Receiver for HTML5 302

Deployment modes 304

Adaptive transport interoperability 312

XenServer 6.5 upgrade 312

Maintenance 313

Diagnostics 316

Troubleshooting 323

CIFS and MAPI 323

Citrix SD-WAN WANOP plug-in 326

RPC over HTTPS 327

Video caching 328

XenApp and XenDesktop acceleration 329

Citrix SD-WAN WANOP 10.2

About Citrix SD-WAN WANOP

July 8, 2020

Citrix SD-WAN WANOP appliances optimize your WAN links, giving your users maximum responsive-

ness and throughput at any distance. A Citrix SD-WAN WANOP appliance is easy to deploy, because

it works transparently. A twenty minute installation accelerates your WAN traic with no other con-

figuration required. You do not have to change your applications, servers, clients, or network infras-

tructure. You can, however change them aer Citrix SD-WAN WANOP installation without aecting

traic acceleration. A Citrix SD-WAN WANOP appliance needs reconfiguration only when your WAN

links change.

Citrix SD-WAN WANOP appliances support a full range of optimizations, including:

• Multi-session compression with compression ratios of up to 10,000:1.

• Protocol acceleration for Windows network file systems (CIFS), XenApp (ICA and CGP, including

the new multi-session ICA standard), Microso Outlook (MAPI), and SSL.

• Traic shaping to ensure that high-priority and interactive traic takes precedence over low-

priority or bulk traic.

• Advanced TCP protocol acceleration, which reduces delays on congested or high-latency links.

• Video caching.

How Citrix SD-WAN WANOP works?

Citrix SD-WAN WANOP products work in pairs, one at each end of a link, to accelerate traic over the

link. The transformations done by the sender are reversed by the receiver.

However, one appliance (or virtual appliance) can handle many links, so you do not have to dedicate

a pair to each connection.

An enterprise typically has one Citrix SD-WAN WANOP appliance per site (larger appliances at larger

sites, smaller ones at smaller sites), though a company with numerous branch oices might have mul-

tiple appliances at its central data center.

A link from a site with a Citrix SD-WAN WANOP appliance to a site that does not have a Citrix

SD-WAN WANOP appliance functions normally, but its traic is not accelerated.

Citrix SD-WAN WANOP features include robust compression for brisk performance over relatively slow

links, and lossless flow control to deal with congestion. TCP optimizations overcome the main limi-

tations of problematic links, and application optimization does away with the limitations of applica-

tions designed for high-speed, local networks. An autodetection feature makes deployment quick

and easy.

Citrix SD-WAN WANOP 10.2

Citrix SD-WAN WANOP features and benefits

Any time workers spend waiting for their computers to respond is lost time, resulting in lost produc-

tivity. When users work remotely or use o-site resources, their productivity depends on the respon-

siveness of their network connections. Safeguarding the responsiveness of their connections requires

advanced network acceleration.

The Citrix SD-WAN WANOP product line protects your productivity by providing reliable WAN and In-

ternet link performance through a set of multiple, interlocking optimizations, each reinforcing the oth-

ers. To provide maximum productivity across your entire enterprise, there are Citrix SD-WAN WANOP

products for every need, from the largest data center though the smallest branch oice and even the

individual laptop.

Citrix SD-WAN WANOP provides robust usability even with undersized or degraded links.

Features at a glance:

For more information, see the table

Features and benefits:

The following are some of the key benefits of our Citrix SD-WAN WANOP product line.

Compression overcomes low link speeds. The most obvious problem with wide-area network (WAN)

links and Internet links is their low bandwidth compared to local-area networks (LANs). A 1 Mbps WAN

has only 1% of the throughput of a 100 Mbps LAN. How do you overcome low link bandwidth? With

compression. A compression ratio of 100:1 enables a 1 Mbps link to transfer data as quickly as a 100

Mbps. This speedup factor is achieved whenever the following criteria are met:

• The compression algorithm must be able to deliver high compression ratios.

• The compression algorithm must be very fast (much faster than the link bandwidth, and ideally

as fast as the LAN).

• The LAN segments of the link must have flow control that is independent of the WAN segment,

because the dierent segments handle data at dierent rates.

• Multiple compression engines must be used to handle the dierent needs of dierent kinds of

traic. Interactive traic requires relatively little bandwidth but is very sensitive to delay, while

bulk-transfers are very sensitive to bandwidth but are insensitive to delay.

TCP protocol acceleration overcomes congestion. Any attempt to send traic faster than the link

speed results in congestion, which results in many problems caused by high packet losses and high

queuing latency.

Lossless flow control. The TCP/IP protocol has no flow control to slow senders down directly, and

the absence of this necessary control mechanism makes packet losses and excessive queuing delays

normal, even on mission-critical links. (If anything, this problem is getting worse over time, as papers

on the phenomenon of buerbloat attest.)

Citrix SD-WAN WANOP 10.2

A Citrix SD-WAN WANOP appliance solves this problem by providing the flow control that was omitted

from the TCP/IP protocol. Unlike ordinary quality of service (QoS) solutions, which simply reallocate

packet loss, Citrix SD-WAN WANOP provides lossless flow control that controls the rate at which the

endpoint senders transmit data, instead of allowing senders to transmit data at any speed they like,

and dropping packets when they send too much. Each sender transmits only as much data as Citrix

SD-WAN WANOP allows it to send, without ever dropping a packet, and this data is placed on the link

at exactly the right rate to keep the link full without overflowing. By eliminating excess data, Citrix SD-

WAN WANOP is not forced to discard it. Without Citrix SD-WAN WANOP, the dropped packets have to

be sent again, causing unnecessary delays. Lossless flow control also eliminates delays caused by ex-

cessive buering. Lossless flow control is the key to maximum responsiveness on a busy link, enabling

a link that was once congested to the point of unusability at 40% utilization to remain productive and

responsive at 95% utilization.

Eliminating distance-based unfairness. Links with high latency or packet losses are diicult to use

at full bandwidth, especially with ordinary TCP variants such as TCP Reno. The consequences are

excessive delays and diiculty in getting the bandwidth that you are paying for. The longer the link

distance, the worse the problem becomes.

Citrix SD-WAN WANOP TCP protocol acceleration minimizes these eects, allowing intercontinental

and even satellite links to run at full speed.

Traic shaping manages bandwidth automatically. On the output side, a fair-queuing-like

algorithm ensures that each connection is independently queued and given its fair share of

the link bandwidth. Traic-shaping policies allow dierent services to be given higher or lower

precedence.Application Optimizations Overcome Design Limitations

Applications and protocols designed for use on local-area networks are notorious for poor perfor-

mance over wide-area networks, because the designers did not consider the eects of long speed-

of-light delays on their protocols. For example, a simple Windows file system (CIFS) operation can

take up to 50 round trips as messages pass back and forth across the network. In a wide-area network

with a 100 ms round-trip time, 50 round trips cause a delay of five seconds.

Although speed-of-light delays are a fundamental limitation, application optimizations can perform

the same operations in a smaller number of round-trips, usually through speculative operations.

Where the original application would issue one command at a time and wait for it to complete

before issuing the next one, it is oen perfectly safe to issue a series of commands without waiting.

In addition, data transfers can be accelerated through a combination of pre-fetching, read-ahead,

and write-behind operations. By packing as many operations as possible into a single round trip,

performance can be increased tenfold or more.

Citrix SD-WAN WANOP optimizations are especially eective on CIFS/SMB (the Windows file system),

MAPI (the Outlook/Exchange protocol), and HTTP.

Multiple optimizations enhance XenApp/XenDesktop (Citrix HDX) performance. Because Citrix

Citrix SD-WAN WANOP 10.2

SD-WAN WANOP appliances are Citrix products, they are especially eective at accelerating Citrix pro-

tocols, such as XenApp and XenDesktop. Every aspect of Citrix SD-WAN WANOP acceleration comes

into play with these protocols to make the remote user experience as productive as possible.

Citrix SD-WAN WANOP appliances negotiate session options with XenApp and XenDesktop servers.

This allows the Citrix SD-WAN WANOP appliance to apply the following enhancements:

• It replaces the server’s native compression with higher-performance Citrix SD-WAN WANOP

compression.

• It bases the connection’s traic-shaping priority on the priority bits embedded in every XenApp

and XenDesktop connection. This allows the priority of the connection to vary according to

the type of traic. For example, interactive tasks are high-priority tasks and print jobs are low-

priority tasks.

• It gathers and reports statistics based on the XenApp or XenDesktop applications being used.

• It maintains the end-to-end encryption of the original connection.

Auto detection for minimal configuration. Because the solution is double-ended, requiring that

a Citrix SD-WAN WANOP product be present at both ends of the link, deployment would seem to im-

pose a burden on remote oices, especially ones without dedicated IT sta. However, Citrix SD-WAN

WANOP is designed to be very easy to install and maintain. A typical installation takes about twenty

minutes. The only parameters needed are the usual network parameters (such as IP address and sub-

net mask), the address of a Citrix license server, and the send and receive speed of the link.

Requiring only a minimal level of configuration is possible because of autodetection, through which

a Citrix SD-WAN WANOP determines which connections can be accelerated (and which cannot), with-

out any manual configuration. A Citrix SD-WAN WANOP at the other end of the link is automatically

detected, and the connection is then accelerated. You can add Citrix SD-WAN WANOP appliances to

your network in an ad hoc fashion. You do not even have to inform the existing appliances of the

arrival of a new one. They discover it for themselves.

A Citrix SD-WAN WANOP uses TCP header options to report its presence and to negotiate acceleration

parameters with the remote Citrix SD-WAN WANOP because TCP header options are part of the TCP

standard, this method works very well, except in cases where firewalls are programmed to reject all

but the most common options. Such firewalls exist, but they can be configured to allow the options

used by Citrix SD-WAN WANOP to pass through.

Citrix SD-WAN WANOP operations are transparent to both the sender and receiver. The other devices

in your network are not aware that Citrix SD-WAN WANOP

exists. They continue working just as they did before Citrix SD-WAN WANOP installation. This trans-

parency also eliminates any need to install special soware on your servers or clients in order to ben-

efit from Citrix SD-WAN WANOP acceleration. Everything works transparently.

Product line capabilities:

Citrix SD-WAN WANOP 10.2

Every product in the Citrix SD-WAN WANOP product line provides basic Citrix SD-WAN WANOP accel-

eration features. Most models have additional features as well, such as:

• Video caching

• Multiple accelerated bridges with Ethernet bypass feature

• Monitoring and management through the GUI, CLI, SNMP, AppFlow, and Citrix ADM.

Dierent Citrix SD-WAN WANOP products have dierent capabilities. Products that support higher

WAN bandwidths also support more users and typically have more resources: more power CPU, more

memory, larger disk, and more accelerated bridges.

The capabilities of products that run on your own hardware, such as the Citrix SD-WAN WANOP Plug-

in and Citrix SD-WAN WANOP VPX, depend on the speed of the hardware and the amount of system

resources that you dedicate to acceleration.

For up-to-date specifications, see the Citrix SD-WAN Product Data Sheet.

Citrix SD-WAN WANOP architecture

Citrix SD-WAN WANOP appliances accelerate the traic over you WAN links. To accelerate a WAN, you

need at least two Citrix SD-WAN WANOP appliances, one for each site you wish to accelerate.

The sender-side Citrix SD-WAN WANOP appliance applies a series of optimizations and transforma-

tions to your traic, such as compression and encryption. Many operations require that the receiver-

side Citrix SD-WAN WANOP perform an inverse operation, such as decompression or decryption, to

restore the traic to its original state.

Thus, most optimizations require that the traic pass through two Citrix SD-WAN WANOP appliances.

Some optimizations are single-ended, and are performed by the local appliance acting alone. These

optimizations include traic shaping and video caching.

Citrix SD-WAN WANOP appliances are largely transparent to the network. The appliance itself appears

to be a bridge, not a router, gateway, or proxy. This invisibility allows the appliance to be installed

without configuring any other hardware. The appliance optimizations are also transparent, detected

only by the partner appliance at the other end of the link.

Citrix SD-WAN WANOP appliances can be added to the network at will, because their auto-detection

and auto-negotiation features ensure that a new appliance on the network is immediately detected

by other appliances, and acceleration begins at once.

Although the diagram above shows a network with just two appliances, a single Citrix SD-WAN WANOP

appliance can communicate with any number of partner sites. Point-to-point, hub-and-spoke, and

mesh networks are all supported.

Citrix SD-WAN WANOP 10.2

In addition to stand-alone appliances, Citrix SD-WAN WANOP acceleration products include virtual

machines (the Citrix SD-WAN WANOP VPX series) and an installable acceleration service for Windows

systems (the Citrix SD-WAN WANOP Plug-in).

What acceleration means

In Citrix SD-WAN WANOP terminology, “acceleration” is the reduction of transaction time, which re-

duces the time users spend waiting. Because the time that users spend waiting represents a direct

productivity loss, acceleration’s main benefit is increased productivity.

In network traic, a transaction ranges from very small—a single byte of data in a telnet or SSH termi-

nal session—to very large, as with FTP transfers, which oen exceed a gigabyte in size. A practical ac-

celerator has to accelerate the entire range of transaction sizes, from interactive traic to bulk traic,

giving the best performance and user experience across the board. Citrix SD-WAN WANOP technology

achieves this in a variety of ways.

How acceleration works: The pipeline

To see how the Citrix SD-WAN WANOP appliance works, take a close look at the diagram of the traic-

flow pipeline. As you can see, there are two pipelines:

1. The sending pipeline, which accelerates data entering the WAN from the local LAN.

2. The receiving pipeline, which accelerates data exiting the WAN and entering the local LAN.

Send pipeline

To understand the appliance, consider the sending pipeline one unit at a time.

1. Input buer. Packets from the LAN are received by the appliance. Because non-TCP/IP traic is

optimized only by the traic shaper, non-TCP packets are diverted directly to the traic shaper.

The TCP/IP traic (called TCP traic from now on) traverses the rest of the pipeline.

Citrix SD-WAN WANOP 10.2

2. Video Cache. If the TCP traic matches the settings for the video cache, the request is handed

o to the video cache unit.

3. LAN-side auto-detection. Other than traic shaping, sender-side optimizations require that

there be a remote appliance as well as the local appliance. Any connections that don’t pass

through a remote appliance are diverted to the traic shaper. This action is performed by the

LAN-side auto-detection logic. The actual test for a remote appliance is done by the WAN-side

auto-detection unit.

4. LAN-side flow control.Citrix SD-WAN WANOP acts as a transparent TCP proxy, receiving and ac-

knowledging packets from the endpoint sender on behalf of the endpoint receiver. This allows

the appliance to accept large amounts of data from the local sender very quickly, at full LAN

speeds, regardless of how slowly traic is moving over the WAN. (Normal TCP uses end-to-end

speed control, which is not agile enough to allow maximum performance.) In addition, Citrix

SD-WAN WANOP flow control is lossless, meaning that the local sender never sees a dropped

packet, increasing reliability and eiciency.

5. Application engines.Citrix SD-WAN WANOP performs specific optimizations for several proto-

cols, including:

• XenApp and XenDesktop, using the ICA and CGP protocols.

• Windows Filesystem (CIFS, including the SMB1 and SMB2 versions)

• Outlook/Exchange (MAPI)

These optimizations reduce transaction time. This is done through rewriting, combining,

and reordering commands, using read-ahead and write-behind, using a knowledge of the

protocol for more advanced traic shaping, and compression hinting.

6. Compression engine. Compression makes the transactions smaller, reducing the time it takes

to transfer the data over the link. The Citrix SD-WAN WANOP compressor uses multiple com-

pression algorithms, some very eicient for small transactions, some optimized for bulk trans-

actions, and some for midsize transactions. Compression ratios of 10,000:1 are readily achieved

by the Citrix SD-WAN WANOP compressor. The compressor is very fast, allowing high compres-

sion ratios to be maintained at full WAN speeds. With Citrix SD-WAN WANOP processing, a file

that compresses at a 100:1 ratio can easily be sent over a 1 Mbps link with an overall throughput

of 100 Mbps.

7. Security engine. Some Citrix SD-WAN WANOP features require that the two appliances enter a

secure peer relationship with each other, and with the origin server. The security engine authen-

ticates this peer relationship and encrypts the accelerated data connections between them. A

secure peer relationship allows the use of SSL compression and the acceleration of encrypted

XenApp/XenDesktop (ICA/CGP), Windows Filesystem (CIFS), and Outlook/Exchange (MAPI) traf-

fic.

Citrix SD-WAN WANOP 10.2

8. WAN-side flow control and auto-detection. The WAN link is where traic slowdowns occur, and

if the link is congested, packets are lost and must be retransmitted. Retransmitting packets

always causes a significant delay, sometimes lasting more one second. The WAN-side flow-

control unit uses advanced retransmission elements and an advanced TCP/IP protocol for max-

imum performance in both “clean” and “troubled” links. The auto-detection unit identifies the

presence of a partner Citrix SD-WAN WANOP unit on a connection-by-connection basis, which

prevents optimizations from being used where they are not wanted, and allows new appliances

to be detected by the existing ones as soon as they are added to the network. Auto-detection

uses options in the TCP header field. This is normally transparent but might be blocked by some

firewalls, which need to be reconfigured.

9. Application classifier. This unit examines all the traic flowing through Citrix SD-WAN WANOP

and identifies which application or protocol it belongs to. This information is used in reporting

and by the traic shaper.

10. Traic shaper. To avoid congestion, excessive queuing, and other sources of avoidable delays,

the traic shaper injects traic onto the WAN at slightly less than the WAN’s data rate, to ensure

that the WAN is never overrun. A weighted fair queuing algorithm is used to ensure that all traic

gets its fair share of the link bandwidth. Traic-shaping policies allow dierent traic types to

receive dierent weights, so that some traic gets more bandwidth than others.

Receive pipeline

The pipeline in the receiving direction is similar to the sending direction, except that instead of en-

crypting, it decrypts, and instead of compressing, we have decompresses. Also, note that there is

a traic shaper in the receiving direction as well, applying traic-shaping policies to incoming WAN

traic, so that both directions are regulated.

Auto-detection and packet-level transformation

The auto-detection algorithm inserts TCP header options to announce the presence of a Citrix SD-WAN

WANOP appliance and to facilitate negotiation. These options are in the range of 24-31. The following

packet-level transformations are used:

• On the initial packet of the connection (the SYN packet), the sending appliance attaches header

options identifying itself as a Citrix SD-WAN WANOP appliance, and also declaring other capa-

bilities, such as compression. This is called a “tagged SYN packet.”

• Upon receiving a tagged SYN packet, the receiving appliance attaches header options to the

SYN-ACK packet, identifying itself in turn and announcing its capabilities.

• Once the sending appliance receives the tagged SYN-ACK packet, the connection can be accel-

erated according to whatever capabilities are shared by both appliances. For example, the con-

Citrix SD-WAN WANOP 10.2

nection is compressed if both appliances declared support for compression.

• The TCP initial sequence numbers (ISNs) in both directions are altered by adding 2,000,000,000

to the original values. This is a precaution that prevents the connection from continuing if one

appliance fails or has a routing change that prevents it from seeing all the traic in the connec-

tion. Once a connection is accelerated, it must remain accelerated throughout its lifetime.

• The MSS value is reduced, typically to 1380 bytes, to ensure that each packet has room for the

inserted Citrix SD-WAN WANOP TCP header options.

• The IP addresses and port numbers of the connection remain unchanged.

Pre-acknowledgement

The SYN and SYN-ACK packets flow from end to end:

• The SYN packet flows from the endpoint client, through the client-side appliance, over the WAN,

through the server-side appliance, and finally to the server.

• The SYN-ACK packet flows from the server, though the server-side appliance, over the WAN,

through the client-side appliance, and finally to the client.

The same is true for the final packets of the connection, the FIN, FIN-ACK, and RST packets.

Other packets, however, are pre-acknowledged. For example, when the server-side appliance re-

ceives a packet from the server, it acknowledges it over the LAN right away, and buers it for eventual

transmission over the WAN. This allows the server-side appliance’s buers to be filled very quickly,

so it always has plenty of data to use for compression and other optimizations. (This is very dierent

from normal TCP operation, where all acknowledgements come from the opposite side of the WAN,

making acknowledgement very slow, and forcing every segment of the connection to move no faster

than the slowest segment, greatly reducing the eectiveness of acceleration.)

Move traic into and out of the appliance

Citrix SD-WAN WANOP appliances have a number of “forwarding modes.” A forwarding mode is a

method of getting traic into and out of the appliance. The most common is inline mode, where

the Citrix SD-WAN WANOP appears to be a bridge device. Packets entering on one bridge port ap-

pear to exit the other one. Of course, Citrix SD-WAN WANOP transforms data in a variety of ways, so

in many cases the packet exiting the second port is not identical to the one that entered the first port,

but that is how it appears to the rest of the network.

Where inline mode is not practical, several other methods are available, most notably WCCP mode.

These are “one-arm” modes, using a single interface cable.

Citrix SD-WAN WANOP 10.2

Tip

You can manage and monitor your Citrix SD-WAN WANOP appliances using Citrix ADM, for more

information, see Managing Citrix SD-WAN instances using Citrix ADM

Get started with Citrix SD-WAN WANOP

December 14, 2018

Deploying Citrix SD-WAN WANOP appliances successfully is not diicult, but improper deployments

can cause problems and provide inadequate acceleration. Be sure to select appliances with suicient

capacity for the links that you want them to accelerate. Product selection is also one of the factors to

consider when deciding how best to fit the appliances into your topology.

The most basic deployment criteria are:

• All packets in the TCP connection must pass through a supported combination of two accelera-

tion units (Citrix SD-WAN WANOP appliances or Plug-ins).

• Traic must pass through the two acceleration units in both directions.

When these criteria are met, acceleration is automatic.

Acceleration Enhances Performance when Traic Passes through Two Appliances

For sites with only one WAN network, these criteria can be met by placing the Citrix SD-WAN WANOP

appliance inline with the WAN. In more complex sites, other options are available. Some, such as

WCCP support, are available on all models. Others are available on certain models only. Therefore,

the needs of a more complex site might limit your choice of appliances.

Citrix SD-WAN WANOP 10.2

When evaluating your options, consider the importance of keeping various segments of your network

up and running in the event that a device fails or has to be disabled. For inline deployments, Citrix rec-

ommends an Ethernet bypass card. This card, which is optional on Citrix SD-WAN WANOP appliances,

has a relay that closes if the appliance fails, allowing packets to pass through even if power is lost or

removed.

Redundancy is a consideration for all types of deployments. Citrix SD-WAN WANOP appliances oer

dierent types of redundancy:

• SD-WAN WANOP 4000/5000 appliances have dual power supplies.

• SD-WAN WANOP 4000/5000 appliances have redundant disk drives.

• Appliances can be used in high-availability mode (two redundant appliances with automatic

failover). This mode is supported on all models.

Note

For more information on Citrix SD-WAN WANOP appliances and deployment modes, see the SD-

WAN WANOP platform documentation

Select an appliance based on capacity

November 22, 2018

For proper operation, your Citrix SD-WAN WANOP appliance must have adequate resources to support

the number of WAN links that you want to accelerate, and to support all of the users of those links.

Three capacities are important when selecting a Citrix SD-WAN WANOP

appliance: link capacity (bandwidth), user capacity, and disk capacity.

Link capacity

When selecting a Citrix SD-WAN WANOP appliance, the most important factor is that it support your

WAN links. If your site has a single WAN link, your appliance should support your link speed. For exam-

ple, a Citrix SD-WAN WANOP 2000-010 can supports links of up to 10 Mbps, which would be suitable

for an 8 Mbps link but not a 12 Mbps link. If your site has multiple links that are to be accelerated by a

single appliance, the appliance should support the total speed of all these WAN links added together.

The maximum supported speed is determined by a combination of the appliance hardware and the

product license. The licensed bandwidth limit is the maximum link speed that is supported by the

license.

Citrix SD-WAN WANOP 10.2

Product Licensed WAN BW Range

Current Products

SD-WAN WANOP Plug-in N/A

SD-WAN WANOP 400 2-6 Mbps

SD-WAN WANOP 800 2-10 Mbps

SD-WAN WANOP 2000 , 2000WS 10-50 Mbps

SD-WAN WANOP 3000 5 0-155

SD-WAN WANOP 4000 310-1,000 Mbps

SD-WAN WANOP 5000 1,500-2,000 Mbps

SD-WAN WANOP VPX 1-45 Mbps

Table 1. Licensed Bandwidth Limits by Product Line

XenApp/XenDesktop user capacity

Each appliance is rated for a maximum number ofXenApp or XenDesktop users. This value should

not be exceeded when your deployment uses XenApp or XenDesktop. If you are not using XenApp or

XenDesktop, consider this number a rough guide to the number of users of other applications.

Product Maximum Users

SD-WAN WANOP Plug-in 1

SD-WAN WANOP 400 10-30

SD-WAN WANOP 800 20-100

SD-WAN WANOP 2000 , 2000WS 100-300

SD-WAN WANOP 3000 300-500

SD-WAN WANOP VPX 20-350

SD-WAN WANOP 4000 750-2,500

SD-WAN WANOP 5000 3,500-5,000

Table 2. XenApp/XenDesktop User Capacity

Citrix SD-WAN WANOP 10.2

Disk size

Disk space is used mostly for compression history, and more disk space results in greater compression

performance.

The SD-WAN WANOP 4000/5000 series oers from1.8 TB to2.4 TB of disk capacity. That compares

to 2.1 TB for the SD-WAN WANOP 3000, 470 GB for the SD-WAN WANOP 2000, 80 GB for the SD-WAN

WANOP 800, and 40 GB for the SD-WAN WANOP 400. SD-WAN WANOP VPX has a disk capacity of 100-

500 GB. Ideally, an appliance should have a disk capacity larger than the cycle time of the link’s data.

For example, a link carrying mostly daily update traic should have 24 hours of disk capacity or more.

With a link carrying mostly user sessions, this window can be smaller. (A 1 Mbps link can transfer about

10 GB per day at full speed.)

Table 3. Examples of Data Lifetime for Disk Sizes

Appliance

Model

Link Speed-1

Mbps

Link Speed-10

Mbps

Link Speed-100

Mbps

Link

Speed-1000

Mbps

Data lifetime at

33% link

utilization

SD-WAN WANOP

800

23 days 2.3 days NA NA

SD-WAN WANOP

2000, 2000WS

141 days 14 days NA NA

SD-WAN WANOP

5000

717 days 72 days 7.2 days 17 hours

Data lifetime at

100% link

utilization

SD-WAN WANOP

800

8 days 19 hours NA NA

SD-WAN WANOP

2000, 2000WS

47 days 4.7 days NA NA

SD-WAN WANOP

5000

239 days 24 days 2.4 days 6 hours

Table of contents

Other Citrix Network Hardware manuals

Citrix

Citrix SD-WAN 110-WiFi-SE User manual

Citrix

Citrix ADC MPX User manual

Citrix

Citrix NetScaler 9010 Platform User manual

Citrix

Citrix ByteMobile T1010 Quick guide

Citrix

Citrix NetScaler EE Operating and maintenance instructions

Citrix

Citrix MPX 16000T User manual

Citrix

Citrix ADC MPX 5550 User manual

Popular Network Hardware manuals by other brands

D-Link

D-Link DNS-1560-04 Quick installation guide

Digisol

Digisol DG-SR4508 Quick installation guide

Chatsworth Products

Chatsworth Products RIM-600 user manual

Teletronics International

Teletronics International TT 900 user manual

Leviton

Leviton 47603-24P Specifications

Paradyne

Paradyne FrameSaver NP 64+ user manual

TP-Link

TP-Link GPON OLT P1200-08 Configuration guide

ADTRAN

ADTRAN OSU 300 user manual

Leonton

Leonton CBG5-0602-SFP-Lite Hardware user manual

Moxa Technologies

Moxa Technologies NPort 5410 Quick installation guide

ZyXEL Communications

ZyXEL Communications FTU2000 user guide

Mobatime

Mobatime MOBALine-Booster Mounting and instruction manual

Uni-Fi

Uni-Fi G2 user manual

NEC

NEC Univerge SV8100 System hardware manual

IBM

IBM System storage DS6000 Series Introduction and planning guide

JVC

JVC VR-X3200U instructions

Quectel

Quectel Wi-Fi-M.2 EVB user guide

Cisco

Cisco o UCS X440p Installation and service guide

Citrix SD-WAN WANOP 10.2 User manual

Popular Network Hardware manuals by other brands