New release expands the size and scope of SD-WAN

Does your solution scale? That’s one of the most frequent questions we get from companies evaluating NetScaler SD-WAN. Whether the company has 20 sites or 2000, they want to make sure that their SD-WAN network can support their current size and easily grow to accommodate their future size.

But everyone in networking, or technology in general, knows this is rarely a yes or no question, because scale has many dimensions and will always be a relative term. What’s large to one person is trivial to another and what’s complex to one person is simple to another. However, there are some aspects of scale we can all agree on: the number of branch locations is expanding, bandwidth demand is growing, IoT is creating more endpoints, cloud migration is adding more content locations, applications are proliferating, and, frequently, the number of staff to deal with this growth is shrinking.

With the recent release of NetScaler SD-WAN 10.0, we stepped back and evaluated scale along many dimensions and from the perspectives of different organizations and people. We wanted to make sure that when asked whether customers can operate their NetScaler SD-WAN networks at scale, we could answer with a definitive yes, while knowing that we had an architecture that would further scale to future networks as well.

Introducing Regions

This release formally introduces the concept of regions to NetScaler SD-WAN. Regions allow you to subdivide your network into smaller sub-networks. These can be organized regionally, as the name implies, but can also easily be used to group sites of a similar size, function, network design, or any organizing principle that makes sense in your environment.

Each region can contain up to 550 sites, allowing you to break your network into smaller manageable groups, and each region has a regional control node (RCN). A network-wide master control node (MCN) provides key management plane functions across all regions. Using this architecture, the network can continue to grow, as large networks can be broken into regions.

As we look at how we address all the dimensions of scale, regions are key as generally actions can be taken against an individual location, a region, or the entire WAN. In fact, regions are such a helpful way to organize your network, you may choose to use them for reasons other than scale, and even small networks can benefit from this approach. Recognizing that regions may be used just to organize the network, we enabled up to 64 regions in a network.
Let’s drill deeper into the release and look at several aspects of scaling, how this release addresses them, and how regions apply.

Network Configuration via SD-WAN Center — Users that want to build a network configuration with the SD-WAN Center GUI will see changes that make the GUI intuitive regardless of network size. Configuration templates can be defined and applied at the region level. And when it’s necessary to look at an individual site configuration, it’s easy to locate that site with easy search capabilities.

Licensing — License management has been centralized so that applying licenses to new locations is seamless. When a new location comes on line, it can check out one of the available licenses in the license pool from SD-WAN Center. No need to explicitly apply a license or mess with license files and keys. Sites that are unable to immediately acquire a license will have a grace period of 30 days to enable installing the license and proceed. A simple interface displays what licenses are in use, when they’re going to expire, and how many are available. So, whether you have 25 sites or 2500, managing all of your licenses is easy and no site will stop functioning because of a license issue.

Upgrades — We’re excited that we frequently roll out new functionality as part of NetScaler SD-WAN, but we know that actually upgrading the network can be time-consuming and finding a maintenance window can be difficult. With this latest release, upgrades don’t have to be done all at once. You can upgrade a portion of your network, test the upgrade, and then proceed with additional upgrades on your own schedule. Sites within a region or across regions will continue to inter-operate indefinitely at different release levels.

Management and troubleshooting via SD-WAN Center — One of the difficult things about managing a large network is focusing attention on areas that need attention without getting lost in the clutter of too much data. This release introduces a new management portal that allows you to see at a glance the status of the network as a whole, while highlighting any locations, networks or applications that need attention.

Reports and analytics — We’ve received lots of positive feedback on the amount and detail of data that we make available through NetScaler SD-WAN Center, Citrix NetScaler MAS and Citrix Analytics. But the larger the network, the more data there is to collect. So, with this release, we’re using the regional control nodes as local data collectors, allowing data collection to be a distributed function. Data from each region is aggregated at SD-WAN Center, where it can then be sent to Citrix Analytics, NetScaler MAS, or to another management system you may be using. This approach ensures no data is lost while preventing management data from impacting network data functions.

Routing — More locations and more users usually equals more routes. Therefore, with this release, the routing table was dramatically expanded. In addition, administrators familiar with managing routes via command line interfaces now have access to some easy commands for viewing active routes, easing troubleshooting in any size network. One of the most commonly used features in large networks is IP multi-cast. Whether it is videos, digital displays or other such massive data distribution activities, multi-cast makes life easy, and now it is enabled on NetScaler SD-WAN.

Direct Internet breakout — The old adage – less is more – can apply to a network as well. The NetScaler SD-WAN solution for direct internet breakout from the branch expanded in this release with the ability to identify web and SaaS applications and selectively steer traffic directly to the Internet, through a secure web gateway, or backhauled through a data center. The combination of the integrated firewall in NetScaler SD-WAN, a frequently updated library of over 4000 applications, and policy-based application steering makes it easy to identify applications and block or send application traffic directly to the Internet, reducing the impact of those applications on your WAN while maintaining security.

New 210 Appliance — Large networks often have lots of smaller sites, even home offices or unmanned outlets filled with things. The 10.0 release of NetScaler SD-WAN also introduces the 210 appliance, which is a modem sized, fan-less appliance suitable for small locations, and with a price to match. The 210, while small in size, still supports the full SD-WAN application set, dynamic routing, firewall, zero-touch deployment and contains fail-to-wire ports. This appliance makes deployments at massive scale cost-effective, especially when used as the gateway router. Read more about this Standard Edition Appliance (and stay tuned for news about the upcoming integrated LTE functionality!)

Application Programming Interfaces (APIs) — When it comes to really large networks, many companies will choose to automate configuration and ongoing management. With this release, NetScaler SD-WAN now contains a full set of APIs to allow you to do just that. Using REST APIs, you can use an external orchestration system or script to automate a complete configuration build, modify selected attributes, push a new configuration, collect data and receive alerts.

And there’s always the option of making it someone else’s responsibility

Citrix has a large and growing portfolio of managed service providers that offer Citrix SD-WAN as a service. This includes Citrix Solution Providers like RapidScale that have added managed SD-WAN to their other applications services. So while this release makes scaling your SD-WAN easier than ever, if you want someone else to manage it for you talk to your Citrix representative to learn about options for SD-WAN as a service. (Or if you are a service provider, read the details about the program here and see what it takes to get started adding SD-WAN to your service portfolio.)

Where to go next?

If you’re interested in learning more about NetScaler SD-WAN in general or want to start a free trial, go to Existing customers can access the 10.0 download now from the download page at