9. 9
• Dynamic Paths
– Connect Hub or Branch sites directly based on
• LAN to WAN or WAN to LAN kbps
• LAN to WAN or WAN to LAN kpbs
– Route Tables on the participating systems are updated
– There is a limit in each appliance for the number of dynamic paths.
• When the limit is reached static paths will be used
– Provisioning manages allocation of capacity
– Rule and Class traffic management policies are honored
SD-WAN Meshing With Dynamic Paths
[Diagram: an MCN and five Branch sites]
14. 14
NetScaler SD-WAN: Create a tunnel
[Diagram: a NetScaler SD-WAN appliance at each end, with MPLS EF Queue, MPLS Default Queue and Internet links between them. Logical tunnel created by encapsulating in UDP.]
LOGICAL TUNNEL CREATED FROM DIVERSE LINKS
Connections can be built to the data center, a private cloud, or another branch, allowing for a full mesh if desired.
15. 15
NetScaler SD-WAN: Measure every path
• The quality of every potential path is assessed with every packet, in each direction
Latency, loss, jitter, congestion and availability are monitored for each path and in each direction. And real traffic is used for the measurement, not probe data.
16. 16
NetScaler SD-WAN: Direct traffic to the best path
• The quality of every potential path is assessed with every packet, in each direction
• Each data stream is directed to best path(s) with priority given to critical applications
BANDWIDTH CONTROL
Each MPLS queue is treated as a separate path, maximizing the value of MPLS and ensuring the best path is always used.
17. 17
NetScaler SD-WAN: Detect and fail over without impact
• The quality of every potential path is assessed with every packet, in each direction
• Each data stream is directed to best path with priority given to critical applications
• Data immediately fails over if an error is detected on any link
DETECT PROBLEMS QUICKLY
We can detect degraded links, or brownouts, and quickly adapt traffic to compensate. By not waiting for an actual outage, loss and latency spikes won’t cause performance problems.
18. 18
NetScaler SD-WAN: Detect and fail over without impact
AND REACT WITH LOSSLESS FAILOVER
Failover occurs within 2-3 packets of loss, and those lost packets can be retransmitted and reordered so the application is never affected.
• The quality of every potential path is assessed with every packet, in each direction
• Each data stream is directed to best path with priority given to critical applications
• Data immediately fails over if an error is detected on any link
19. 19
NetScaler SD-WAN: Optionally duplicate real-time traffic
With packet duplication, VoIP and HDX Thin Wire will always take the fastest path and never lose a packet, resulting in an optimum user experience.
• The quality of every potential path is assessed with every packet, in each direction
• Each data stream is directed to best path with priority given to critical applications
• Data immediately fails over if an error is detected on any link
• Packet duplication ensures no loss of critical data for ultimate in consistent user experience
PACKET DUPLICATION
20. 20
NetScaler SD-WAN: Use multiple links for one session
Bonding links can result in file transfers that take half the time, mitigating the impact of latency.
• The quality of every potential path is assessed with every packet, in each direction
• Each data stream is directed to best path with priority given to critical applications
• Data immediately fails over if an error is detected on any link
• Packet duplication ensures no loss of critical data for ultimate in consistent user experience
• Large flows can use multiple links simultaneously
BOND MULTIPLE LINKS
21. 21
NetScaler SD-WAN: Breakout Internet at the Branch
Avoid backhauling Internet-bound traffic to the data center to save bandwidth and improve application performance.
• Allows Internet-destined traffic to go to the Internet directly or via a Secure Web Gateway (SWG)
• Interconnect with SWG services (Zscaler, Forcepoint, and McAfee) for security and policy enforcement
• Control the maximum amount of bandwidth for Internet traffic
[Diagram: Secure Web Gateway (Zscaler, Forcepoint)]
23. 23
Stand By WAN Links
[Diagram: two NetScaler SD-WAN appliances with Internet, MPLS, LTE-1 and Satellite-1 links]
LINK TYPE | ACTIVE | STANDBY
Example | Internet, MPLS | LTE-1, Satellite-1
• Choose Standby WAN Links based on Business rules
• Determine when Standby WAN links become Active
• Based on state of Active links – Use Standby links only when all active links are down
• Based on certain capacity thresholds – Make Standby Active when traffic crosses a certain threshold percentage
• Prioritize across Standby links for utilization – Use LTE from Carrier1 before using Satellite link
26. 26
End-to-End QoS Ensures Delivery and Efficiency
• QoS configured globally from a single source, highly customizable
• Proactively prevent loss with duplication, react to network conditions with retransmission and/or redirection
• Last-mile awareness prevents oversubscription and wasted utilization
[Diagram: WAN with rate labels 10Mbps, 5Mbps, 2.5Mbps and "Received"]
28. 28
Integrated Stateful Firewall
• Comprehensive Firewall security: IP to Application layer
– Secure hosts, ports and infrastructure
– Support for Dynamic and Static NAT
– Enable firewall rules even for encrypted traffic with Application intelligence
• Define zones to enforce different policies for different users
• Single Point of Management across Network
– Provision, troubleshoot and analyze Routing and Security through SD-WAN Center
• NSS Labs certification coming in 3Q…
[Diagram: firewall actions ALLOW, REJECT, COUNT & LOG, DROP]
33. 33
OVERLAY or WAN EDGE MODE
Routing Domains
• Expanded to 255 route domains
• A domain is a top-level network entity that provides network layer isolation
• Across domains, application policies, rules, routes and routing tables are completely independent
USE CASES
• Application separation
• Enterprise acquisitions
• Managed Service Providers
BENEFITS
• Support for traffic isolation across the Virtual WAN deployment
• Simplified management – Build per-domain policies without concern for interference
[Diagram: Domain 1 through Domain 255 over MPLS and Internet]
40. 40
[Diagram labels: Remote; Data Center or Cloud; NetScaler MAS; SD-WAN - SE (two); NetScaler Gateway or SD-WAN WO/EE; ICA Info; L4 Per-Hop]
• Supported across NetScaler portfolio and integrated with Desktop Director
• Existing integration with other analytics & visibility tools, e.g. Splunk
• Detailed visibility on users, apps/desktops and devices
• Start with a user and click through to identify hop-by-hop latency
• Quickly narrow down source of problems
• Real-time analysis as well as historical data for troubleshooting
Extended Visibility with HDX Insight