One of the key advantages of NetScaler SD-WAN is capex reduction through device consolidation. SD-WAN achieves this by supplanting existing routing and on-premises firewall devices.

Different Enterprise networks have different requirements driven by size, complexity and level of confidence with their existing solution. At Citrix, we understand this and provide multiple options to customers that are interested in leveraging SD-WAN benefits.

Edge Mode. As the name suggests, NetScaler SD-WAN products ( hardware appliances or virtual/software form factor) can be deployed in an edge mode wherein customers can directly terminate their Ethernet WAN links on our SD-WAN solution. Customers can eliminate their dedicated legacy edge routers and take full advantage of our SD-WAN solution.


We supported  Edge mode from day-1 with the help of Static Routing. With this option in the Edge mode, customers can configure static routes towards the carrier side and directly terminate WAN links on our SD-WAN devices.

However, we understand that supporting Edge mode requires more than static routing and the capability to directly terminate WAN links. In this regard, we have added features like Dynamic Routing, Firewall Filters, NAT, Secure Web Gateway, Netflow, DHCP etc. so as so seamlessly replace the legacy router. The idea is ensure compatibility with the current features that a customer is using and at the same time provide SD-WAN goodness.

As a quick note on Dynamic Routing, we have added eBGP (for WAN side use cases), and OSPF and iBGP (for LAN side use cases). LAN side routing is key for simplicity when scale grows: route learning, deletion, convergence etc. are done automatically. We also understand that a customer replacing legacy routing sites with SD-WAN solution will have a slow migration, one that will entail supporting communication between sites that have SD-WAN solution deployed and sites that do not yet have an SD-WAN solution. Having Dynamic Routing capability for WAN side is key in such use cases. Along with Dynamic Routing, we have added route filtering capabilities that helps a user control what he advertises and learns from peers.

Apart from Dynamic Routing, we have also added adding Routing Domain features set. This is similar to VRF lite where we are creating multiple Routing instances with their unique policies and routing table. Routing domains assists with segmenting and isolating a network. This is useful in use cases like Guest WiFi access, and Quarantined network (in cases where a device is compromised and requires forensic analysis).


In the next blog post, we will look at the other two modes: one-arm mode and Inline mode.