Synergy2016 - Citrix NetScaler SD-WAN

SYN620: Citrix CloudBridge SD-WAN
Citrix Synergy 2016
May 2016
Table of Contents
Training Overview ........................................................................................................... 3
Training Overview ........................................................................................................ 4
Lab Environment Details .............................................................................................. 5
Lab Scenario ................................................................................................................ 7
Module 1: CloudBridge Virtual WAN Configuration ......................................................... 8
Exercise 1: Datacenter CloudBridge Virtual WAN Configuration ................................ 10
Exercise 2: Remote CloudBridge Virtual WAN node Configuration ............................ 35
Exercise 3: Finalizing the Virtual WAN Configuration ................................................. 51
Module 2: CloudBridge Virtual WAN Provisioning ......................................................... 56
Exercise 4: Provision the MCN Using the Saved Configuration File........................... 57
Exercise 5: Applying the Configuration to the Remote Appliance .............................. 68
Module 3: CloudBridge Virtual WAN Customization ...................................................... 78
Exercise 6: Customization of the Rules and Classes ................................................. 79
Exercise 7: WAN Link Bonding/Aggregating Using iPerf ............................................ 91
Exercise 8: Solving Congestion using CloudBridge Virtual WAN QoS ..................... 102
Module 4: CloudBridge Virtual WAN Upgrade ............................................................. 109
Exercise 9: Upgrade Procedure ............................................................................... 110
Module 5: CloudBridge Virtual WAN Virtual WAN Center ........................................... 117
Exercise 10: Introduction to Virtual WAN Center ...................................................... 118
Exercise 11: Upgrade Virtual WAN Center ............................................................... 125
Exercise 12: Use Virtual WAN Center to calculate MOS .......................................... 129
Module 6: CloudBridge 9.0 Release ............................................................................ 136
Exercise 13: Introduction to CloudBridge 9.0 Metered Links .................................... 137
Exercise 14: Introduction to CloudBridge 9.0 IPsec Protected Virtual Paths ............ 143
Exercise 15: Introduction to CloudBridge 9.0 Path State Sensitivity Control ............ 151
Exercise 16: Introduction to CloudBridge 9.0 MPLS Queues ................................... 160
Lab Guide Appendices ................................................................................................ 172
Appendix A: Additional Resources and Information ................................................. 173
Training Overview
citrix.com 3
Training Overview
Objective
In the following lab exercises, you will learn how to configure and deploy a Citrix CloudBridge 8.1 Virtual
WAN environment. You will also be introduced to the 8.1 Virtual WAN Center configuration and
monitoring tool. Also we will introduce you to the latest 9.0 feature enhancements.
Required Prerequisites
Basic knowledge of WAN and LAN networking, routing in particular.
Audience
Target
Citrix Internal Sales Engineers

Citrix Internal Consultants
Citrix Internal Technical Support
Partners
Lab Guide Conventions

Indicator Purpose
This symbol indicates particular attention must be paid to this step
Special note to offer advice or background information
reboot Text the student enters or an item they select is printed like this
Start Bold text indicates reference to a button or object
Focuses attention on a particular part of the screen (R:255 G:20 B:147)
Shows where to click or select an item on a screenshot (R:255 G:102 B:0)
citrix.com 4
Lab Environment Details
The CloudBridge SD-WAN environment consists of a single remote office communicating with a single
data center through the CloudBridge Virtual WAN Solution. In this lab, the entire environment is laid out
all on the same XenServer hypervisor. CloudBridge virtual machines (CB-VPX) instead of physical
appliances are being utilized to provide the link aggregation/bonding ability between two WAN emulators,
representing a low bandwidth MPLS and high bandwidth Internet WAN link.
Virtual Machines
VM Name Data IP Management IP Description
Address Address
AD.training.lab 172.16.10.20 192.168.10.11 Domain Controller, DNS

DC_CB_vWAN 172.16.10.2 192.168.10.20 Data Center CloudBridge VIRTUAL WAN VPX
DC_INET_Router 172.16.20.1 192.168.10.252 Vyatta Router
DC_MPLS_Router 172.16.10.1 192.168.10.251 Vyatta Router
DC_LAN_Router 172.16.10.254 Vyatta Router
CB_vWAN_Center n/a 192.168.10.15 Central Management for VIRTUAL WAN
INET_WANem n/a 192.168.20.2 WAN Emulator
MPLS_WANem n/a 192.168.30.2 WAN Emulator
Remote_CB_vWAN 172.17.10.1 192.168.10.25 Remote CloudBridge VIRTUAL WAN VPX
Remote_Client 172.17.10.10 192.168.10.55 Windows 8.1 Professional
Remote_INET_Router 172.17.20.1 Vyatta Router
Remote_MPLS_Router 172.17.30.1 Vyatta Router

iPerf 172.16.10.21 192.168.10.50 TCP Traffic Generator/Analyzer
Video_FTP 172.16.10.22 192.168.10.45 Windows Server 2012 R2 | FileZilla Server
VDA 172.16.12.10 192.168.10.35 Windows 8.1 Professional | XenDesktop 7.6 VDA
XenDesktop 172.16.11.10 192.168.10.30 Windows Server 2012 R2 | XenDesktop 7.6 Delivery
Controller/StoreFront Server
Credentials
User Name Password Description
Training\Administrator Citrix123 Domain Administrator

Training\User1 Citrix123 Standard User
Training\User2 Citrix123 Standard User
admin password CloudBridge Virtual WAN
citrix.com 5
citrix.com
Topology
Dev_Desktop
eth0: 192.168.10.250
Student_Desktop
Virtual WAN Center eth0: 192.168.10.10
eth0: 192.168.10.15 (studentdesktop\localuser (10ca1us3R)
AD_DNS
eth0: 172.16.10.20
eth1: 192.168.10.11 Router
TRAINING\Administrator (Citrix123) eth0: Private bond0
eth1: Public bond1
eth2: 192.168.10.1
INET_Remote_Rtr_CB_vWAN INET_DC_Rtr_CB_vWAN
M
.2 172.17.20.X .1 .1 172.16.20.X .2
INET_WANem a
br0: 192.168.20.2 iPerf n
(root/Citrix123)
eth0: 172.16.10.21
Remote_INET_Router DC_INET_Router eth1: 192.168.10.50
a
eth0: 192.168.20.3 eth0: 192.168.20.1 (root/password)
eth1: 172.17.20.1
g
eth1: 172.16.20.1
eth2: 192.168.10.252 e
m
e
3 MPLS_DC_Rtr_CB_vWAN 3 DC_LAN
Remote_LAN MPLS_Remote_Rtr_CB_vWAN n
.1 172.16.10.X .2 .2 172.16.10.X Video_FTP
172.17.10.X .1 .2 172.17.30.X .1
2 1 1 2 eth0: 172.16.10.22 t
eth1: 192.168.10.45
TRAINING\Administrator (Citrix123)
Remote_CB_vWAN DC_CB_vWAN
(Gateway Mode) Remote_MPLS_Router DC_MPLS_Router (Inline Mode)
Remote_Client eth3: 172.17.20.2 eth0: 192.168.30.3 eth0: 192.168.30.1 .254
eth3: 172.16.20.2
eth0: 172.17.10.10 eth2: 172.17.10.1 eth1: 172.17.30.1 eth1: 172.16.10.1
eth1 & eth2: 172.16.10.2
eth1: 192.168.10.55 eth1: 172.17.30.2 eth2: 192.168.10.251
eth0: 192.168.10.20
(Temp\Password1) eth0: 192.168.10.25
(CitrixAdmin\Citrix456) MPLS_WANem
br0: 192.168.30.2
DC_LAN_Router
eth0: 172.16.10.254
eth1: 172.16.11.1
eth2: 172.16.12.1
DC_LAN_2
172.16.11.X
XenDesktop
eth0: 172.16.11.10
eth1: 192.168.10.30
(Administrator/Citrix456)
DC_LAN_3
172.16.12.X
Win_8_VDA
eth0: 172.16.12.10
eth1: 192.168.10.35
TRAINING\Administrator (Citrix123)
.\CitrixAdmin (Citrx456)
Get a closer look at the topology: https://citrix.sharefile.com/d-s0042c4e9b1d4acc9
Management | 192.168.10.X
6
Lab Scenario
You are the Network Administrator for a large enterprise business called QWERTY Logistics. You have
been tasked with introducing CloudBridge Virtual Appliance appliances to provide load balancing ability
between your current active MPLS WAN Link and your current standby Internet (INET) WAN link. With
the help of CloudBridge Virtual WAN you are expected to bring the INET link from a standby state into an
active state to make full use of the extra inexpensive bandwidth for application delivery from your
datacenter. The remote site users must have access to all applications located in the data center and
they need more inexpensive bandwidth that the CloudBridge Virtual WAN devices will provide by
leveraging inexpensive internet links. The CloudBridge solution is expected to provide similar service-
level agreements (SLA) and secured application delivery, which can typically be found with expensive
MPLS WAN circuits.
You will first run through the configuration process of the datacenter CloudBridge Virtual WAN appliance.
Next, you will add a remote site and run through the configuration process for the remote site
CloudBridge Virtual WAN appliance.
Finally, you will test the new Virtual WAN environment by altering the speed of the WAN links, using the
WAN emulator console to showcase the three key tenants of Virtual WAN; Always On Branch,
Aggregation of WAN Links, and Application optimization.
Please take note that the CloudBridge SD-WAN portfolio consists of 3 different editions:
WAN Optimization Solution

Virtual WAN Solution
Enterprise Edition
The foundation of the CloudBridge SD-WAN solution is the Virtual WAN Solution, allowing for multiple
WAN links to be utilized as one. On top of that environment, you can easily add on WAN Optimization
capabilities by leveraging additional WAN Optimization appliances or utilizing the Enterprise Edition which
adds the same ability on a single chassis dedicated to reducing the hardware footprint for the branch
office locations. This lab walks you through building that foundation with CloudBridge Virtual WAN
Solution.
citrix.com 7
Module 1: CloudBridge Virtual
WAN Configuration
citrix.com 8
Module Overview
This module will lead you through the configuration of the CloudBridge Virtual WAN virtual
machines.
Please take special note that this environment leverages the CloudBridge VPX which does not
have fail-to-wire capabilities. Only the physical CloudBridge appliance have fail-to-wire
capabilities and are recommended to be deployed Inline Mode. Fail-to-wire enables two
network interfaces on an appliance to be bridged together and allow connectivity through the
appliance in the event of power failure or software crash, by closing a relay between the two
interfaces. In short fail-to-wire is a method to protect against complete site outage when an
appliance is directly place in path of all traffic. With the limitation of no fail-to-wire capabilities on
the VPX you can still deploy in Inline Mode, but the recommendation would be to deploy VPX in
Virtual Inline Mode (Policy Based Routing). Alternatively, VPX can also be deployed in
Gateway Mode which enables Layer 3 capabilities on the CloudBridge, making the CloudBridge
the default gateway for its respective site. Please reference the Citrix Knowledge Base articles
for familiarity with other deployment modes, those being most commonly deployed PBR Mode
and Transparent Inline Mode with fail-to-wire capabilities. Links can be found in the appendix
section of this Lab Guide.
It is critically important that before configuring the CloudBridge Virtual WAN appliance for any
environment, you complete the following pre-requisites:
1. Create the desired network topology

2. Identify the deployment mode and obtain all IP address for both the management plane
and the data plane
This has been done already for you for the following lab exercises. The network topology link
can be found in the appendix section of this Lab Guide. Please keep the topology nearby as a
reference in understanding the build-out of the configuration.
citrix.com 9
Exercise 1: Datacenter CloudBridge Virtual WAN
Configuration
Overview
The datacenter CloudBridge Virtual WAN will be configured first. This device is required to be
enabled as a Master Control Node, or MCN. The MCN is the central node for all remote
appliances. All configuration work, even for the remote site appliances, is completed on the
MCN using the Configuration Editor tool. This provides a central point for all configuration and
allows the configuration changes and software upgrades to be pushed out to all the remote
CloudBridge devices that will participate in the Virtual WAN environment.
NOTE: We will deploy the VPX in Inline Mode, but please note that VPX does not have fail-to-
wire capabilities. In a live production environment if Inline Mode is desired a physical appliance
is recommended.
In this exercise you will:

Configure the datacenter CloudBridge Virtual WAN virtual appliance as the Master
Control Node and perform basic appliance administrative configuration
Prepare the configuration to be replicated to the remote site CloudBridge Virtual WAN
device
Estimated time to complete this exercise: 30 Minutes
Virtual Machines Required for this Exercise
DC_CB_vWAN
citrix.com 10
Step by Step Guidance
Step Action
1. At this stage you should have logged into your lab by launching your ICA file through
Citrix Receiver (https://www.citrix.com/go/receiver.html) and automatically logged into
the Student Desktop. From here you have the ability to administer the entire hypervisor
environment by logging in via XenCenter using the provided admin/##### credentials
provided to you on the lab web portal. Also from the Student Desktop, you have ability
to connect to the management IP of all the instances in the environment, as well as
ability to connect to the Remote_Client workstation where connections can be initiated
to the DataCenter instances across the configured Virtual WAN solution. Please make
use of the provided topology (link provided in the Appendix) to better orientate yourself
with in the environment. Having the topology open throughout all the exercises below
will make for better understanding of the solution.
From the Student Desktop, first we are going to log on to XenCenter to start remaining
VMs that we will need for the following exercises. Then we will log into the Data Center
side CloudBridge Virtual WAN appliance and begin configuration.
2. First, we are going to access the XenCenter administration tool.
On the Student Desktop, open XenCenter from Start > All Programs.
3. Right click on the devcompute-001.ondemand.vtc node, and select Connect.
citrix.com 11
Step Action
4. Log in using the XenServer credentials supplied via the lab web portal, make sure to
change the user name from root to admin and use the password listed in the web
portal.
5. Once logged in, individually right click and select Start for the MPLS_WANem and
INET_WANem VM.
citrix.com 12
Step Action
6. \Next, open a new Firefox internet browser window. From the Student Desktop, double-
click the Mozilla Firefox shortcut.
7. In the bookmarks bar, click Datacenter CB vWAN shortcut. Find the location of this
device in the lab network topology.
8. If you get the This Connection is Untrusted in the browser, proceed by clicking I
Understand the Risks option and Add Exception option to advance. Once on the CB
Virtual WAN login page, type use the following credentials and then click Login:
User Name: admin
Password: password
citrix.com 13
Step Action
9. Once logged on to the CB Virtual WAN appliance, you should see the System Status
window indicating the Virtual WAN Service is currently disabled.
10. The first task we have to do is update the system data and time.
In the CB Virtual WAN interface, click Configuration in the top bar of the GUI.
11. Then, navigate to System Maintenance > Date/Time Settings.
citrix.com 14
Step Action
12. In the Timezone Settings pane select any desired time zone specific to this appliance,
and then click Change Timezone button. Verify the Date/Time after the updated
change. The Virtual WAN technology is highly dependent on accurate time/date
settings on the appliances. Make sure they are accurate and correct.
13. Next, navigate to the Configuration > Appliance Setting > Licensing page and select
the Remote license radial button, then configure the IP address (10.0.76.37) and port
(27000) of the lab license server. Also select the 50Mbps license file from the Model
pull down menu (V50VW). Then click Apply Settings.
14. The next administrative task we have to do is change the console of the CloudBridge
appliance to the Master Control Node console so that we can enable network-wide
VWAN configuration ability.
Navigate to Appliance Settings > Administrator Interface and click Miscellaneous
tab.
citrix.com 15
Step Action
15. In the Miscellaneous tab, click Switch Console button to switch to the Master Control
Node (MCN) console.
Then click OK to confirm the switch to the MCN Console.

NOTE: This will require the GUI to automatically reload in the browser window.
Make sure you are only changing the head-end appliance (https://dcvwan.training.lab)
to be promoted as the MCN. The remote appliances stay as client nodes.
16. When back at the login screen, use the admin/password credentials to log on again.
citrix.com 16
Step Action
The options available in the Configuration tab are different between the appliance that is
enabled as Master Control Node and the appliances that are left default as Client node:
Only the MCN has ability to configure network changes, not only for itself but also for all
remote appliances
Client node only allows access to managing local administration processes and report
on flows local to the site
The Configuration Editor is only available after the head-end appliance is switched to MCN
mode, and is not available on Client nodes. By default, all appliances are shipped in client
mode and only one head-end appliance should be promoted to MCN.
17. To keep the user interface from timing out on you while you build out the configuration
in this exercise, you can change the default UI timeout setting. Navigate to
Configuration > Admistrator Interface > Miscellaneous, increase the default time to
something higher (ex. 240 minutes) and click Change Timeout.
18. When back at the login screen, use the admin/password credentials to log on again.
citrix.com 17
Step Action
19. Log back into the MCN with updated UI timeout, we can now start configuring the
Virtual WAN system.
From home screen, click Configuration tab.
Then, navigate to Virtual WAN > Configuration Editor.
20. If the Configuration Editor help wizard appears, Close the wizard or you can Tour the
Editor to get more familiar with the lay out.
The wizard can be run by clicking the View Tutorial link at the upper right portion of the
page.
citrix.com 18
Step Action
21. The Configuration Editor is where the configuration for all of the networking nodes for
both the local and remote sites of the Virtual WAN are configured.
Please reference the network topology as you build the configuration (Please find a
PDF link in the Appendix of this Lab Guide). First we will walk through building the
configuration for the Data Center CloudBridge network, then for the Remote Branch
network.
22. First create a new configuration file by clicking New.
23. Move the Network Map out of the way to give more room for the Configuration Editor
screen by clicking the move icon.
24. Take a peak in the Virtual WAN Network Settings node. This is where Global Security
Settings are available. We will leave it default for this lab.
We will begin by creating out first site, then datacenter site where this MCN will reside.
On the Sites bar, click Add.
citrix.com 19
Step Action
25. In the Add Site window that appears, type DC_CB_vWAN in the Site Name field, provide an
Appliance Name (DC_VPX) and select CBVPX from the Model drop-down list box, and
leave the mode field default as Primary MCN. This VPX will be configured as the head-
end appliance. Click Add when complete.
26. Under the new DC_CB_vWAN node, expand the Interface Groups node.
27. The Interface Groups are the NIC cards (physical or virtual) available for the appliance
selected in the previous steps.
In the Interface Groups node, click the plus icon to add a new interface group.
citrix.com 20
Step Action
28. In the new interface group line that appears, select 1 and 2 from the Ethernet Interfaces
selector, and then select Fail-to-Block from the Bypass Mode drop-down list box. The
MPLS link is what we are configuring now and it is a private network, so we will select
Trusted from the Security drop-down list box.
Do not click Apply yet.
Note for a physical appliance you would select Fail-to-Wire. If the appliance should fail
due to power failure or software failure, this set bahavior is how the interfaces will
behave.
29. Under Virtual Interfaces, click the plus icon (+) to display more options.
30. Next to Virtual Interfaces, click the plus icon (+) to add a new virtual interface.
citrix.com 21
Step Action
31. Type DC_MPLS in the Name field.
32. Next to Bridge Pairs, click the plus icon (+) to add the association between bridge
interfaces 1 and 2 (note since this is a virtual applaince, there is no physical bridge
association).
33. From the Interfaces drop down menus, select interfaces 1 <-and-> 2. Then click
Apply.
citrix.com 22
Step Action
34. Notice the attention/warning icon that appears to the right of the Interface Group you
just created. This is expected since we have not yet created a related virtual IP address
to work with this group. You will see these attention icons throughout the configuration
editor until the configuration is fully complete. Feel free to poke around to help get a
better understanding of the built-in inteligence of the Virtual WAN Configuration Editor.
Hovering your mouse curser over the attention icon will expose a pop up window with
more detail.
35. We are going to repeat the above process for the second WAN Link to the CB Virtual
WAN appliance.
Click the plus icon (+) next to Interface Groups again.
36. In the new interface group line that appears, select only 3 from the Ethernet Interfaces
selector, and then select Fail-to-Block from the Bypass Mode drop-down list box. This
is a WAN Link that sits behind a Firewall so this will also be set as Trusted. If we
expose this interface directly to the internet, then selecting Untrusted would be
recommended.
citrix.com 23
Step Action
39. Type DC_INET in the Name field and then click Apply. Since we are only leverging one
interface for the second WAN link, we will not need to alter the Bridge Pair like we did
for the MPLS link.
citrix.com 24
Step Action
40. Now that we have the interface groups added to the appliance, we can add the virtual
IP addresses that will be used by those interface groups.
Keep in mind that Interface Groups have a lot of different configuration options, for
example in fail-to-wire appliances you may select interfaces 1 and 2 for the same
Interface Group and enable as Fail-to-Wire for that Interface Group.
Click the plus icon (+) to the left of Virtual IP Addresses.
41. In the Virtual IP Addresses node, click the plus icon (+) to add a new virtual IP
address.
citrix.com 25
Step Action
42. We are now going to leverage the network toplogy to enter the Virtual IP addresses
assigned to us by the network admin. Again, it is always best to lay out the topology,
obtain and pre-define the IP address to be used for the deployment before starting the
configuration process. Type 172.16.20.2/24 in the IP Address/Prefix field, select
DC_INET (0) from the Virtual Interface drop-down list box, and then click Apply.
43. Click the plus icon (+) again in the Virtual IP Addresses node to add the second pre-
assigned IP address.
44. Type 172.16.10.2/24 in the IP Address/Prefix field, select DC_MPLS (0) from the
Virtual Interface drop-down list box, and then click Apply.
citrix.com 26
Step Action
45. The next step is to add the individual WAN Links to the CloudBridge Virtual WAN
appliance.
Click the WAN Links node under the DC_CB_vWAN node.
46. Next, click the plus icon (+) next to WAN Links to add a WAN link.
47. Type DC_INET in the Name field, leave the Access Type set to Public Internet and click
Add.
citrix.com 27
Step Action
48. In the Settings node, click the pencil icon to edit the settings.
49. Under both LAN to WAN and WAN to LAN, set the Physical Rate to 6000, then click
Apply.
We will later enable the WAN emulator on this WAN Link to 6.1Mbps to represent our
Internet connection.
For production deployments, make sure to run SpeedTest or iPerf to obtain the true
speed of the link. If the physical rates are not configured properly, the Virtual WAN
technology will not function optimally.
Also take note of the Public IP Address field. In production deployment, the data
center appliance will need static Public IP addresses for all Public Internet links. This is
where that configuration is entered.
citrix.com 28
Step Action
50. Next, expand the Access Interfaces for that newly added DC_INET node.
51. Click the plus icon (+) to add a new access interface to the appliance.
52. In the new line that appears, leave the Name at its default value, select DC_INET from
the Virtual Interface drop-down list box, and then type 172.16.20.2 in the IP Address
field and then type 172.16.20.1 in the Gateway IP Address field and click Apply.
Again, please reference the topology for IP address information.
citrix.com 29
Step Action
53. Next, we are going to repeat the same process to create the relationship between the
VIP and its Default Gateway for the other WAN link in the CB Virtual WAN appliance.
The MPLS WAN link.
Under WAN Links, click the plus icon (+).
54. In the new window that appears, type DC_MPLS in the Name field, select Private Intranet
from the Access Type drop-down list box and click Add.
citrix.com 30
Step Action
Apply.
Later, we will enable the second WAN emulator to represent a MPLS link at 1.5Mbps.
Again, it is important to configure the correct physical rate values that match the true
measured values in a production environment.
57. Next, expand the Access Interfaces for the newly created DC_MPLS node.
citrix.com 31
Step Action
59. In the new line that appears, leave the Name at its default value, select DC_MPLS from
the Virtual Interface drop-down list box, and then type 172.16.10.2 in the IP Address
field and then type 172.16.10.1 in the Gateway IP Address field.
Enable Proxy Arp, which will allow the appliance to response to ARP Requests to this
Gateway IP address on behalf of that gateway, in the event the Gatway is down or
unreachable. This allows the LAN network to continue sending traffic to their
configured gateway where the Virtual WAN techology can intercept and delivery across
other more available WAN links. Make sure to click Apply.
60. The last part of configuring the datacenter-side of the Virtual WAN configuration is to
add the routes to the other internal networks. Static routes are needed so that the
CloudBridge Virtual WAN applaince knows what gateway to send traffic to in order to
reach the backend LAN networks.
Under the DC_CB_vWAN site, expand the Routes node.
61. In the Routes node, click the plus icon (+) to add a new route.
citrix.com 32
Step Action
62. In the new line that appears, type 172.16.11.0/24 in the Network IP Address field, type
172.16.10.254 in the Gateway IP Address field, and then click Apply.
This route informs the Virtual WAN appliance of the next-hop how to reach the Video
and FTP server subnets. Again, please reference the network toplogy for the IP
address information.
63. Repeat this process for the 172.16.12.0 network.

In the Routes node, click the plus icon (+) to add a new route.
64. In the new line that appears, type 172.16.12.0/24 in the Network IP Address field, type
172.16.10.254 in the Gateway IP Address field, and then click Apply.
This route informs the appliances on how to reach the iPerf server.
65. Take note that the next node is High Availability. In this lab we will not be configuring
HA, but note that this is location where to enable that.
citrix.com 33
Step Action
66. You can minimize the DC_CB_vWAN site in the GUI at this time. Notice, if the
configuration is correct, there will be no red warning icons in the Sites section at this
time.
Do not log out from the user interface Configuration Editor. The next section will be a
continuation of this exercise.
Exercise Summary
In this exercise, you set the system data/time and identified where to install a license file. Then
promoted the datacenter-side CloudBridge Virtual WAN VPX to a Master Control Node and
configured the datacenter-side Virtual WAN node using the Configuration Editor on the MCN.
citrix.com 34
Exercise 2: Remote CloudBridge Virtual WAN node
Configuration
Overview
The remote-side of the CloudBridge Virtual WAN will be configured next. The remote node of
the Virtual WAN is configured in the same location as were we configured the datacenter-side
CB Virtual WAN VPX. The configuration for the remote appliance will be pushed down to the
remote appliance in a later exercise.

Configure the remote CloudBridge Virtual WAN node
Prepare the configuration to be replicated down to the Remote CloudBridge Virtual WAN
appliance
DC_CB_vWAN
citrix.com 35
Step Action
1. While still logged on to the DC_CB_vWAN appliance, click the Add button in the Sites
bar.
2. In the Add Site window, type Remote_CB_vWAN in the Name field, Remote_VPX for the
Appliance Name, and select CBVPX from the Model drop-down list box, leave all other
fields at their default values and click Add.
Since this is a remote office site configuration, the Mode is defaulted to client.
3. Under the new DC_CB_vWAN node, expand the Interface Groups node.
citrix.com 36
Step Action
4. In the Interface Groups node, click the plus icon (+) to add a new interface group.
5. In building out this remote site node, we could deploy it similar to the data center node in
Inline Mode, but in this exercise, we will run through a different deployment mode:
Gateway Mode. Gateway mode results in a network outage for that site if the Virtual
WAN appliances should crash or have a power failure. It is not recommended for
production unless the customer is okay to have outage for that particular site and has
the appropriate onsite resources to bring the site back up in the event of outage. This
deployment mode will become very important as Citrix expands on routing technology
and continues to expand the SD-WAN functionalities.
Again, reference the network topology for a better understanding of the deployment.
To begin Gateway Mode deployment for this remote node, first in the new interface
group line that appears, select 1 from the Ethernet Interfaces selector, and then select
Fail-to-Block from the Bypass Mode drop-down list box.
citrix.com 37
Step Action
8. Type Remote_MPLS in the Name field and then click Apply.
Take note that we are deploying inline, but we are only assigning one interface to the
MPLS WAN link.
9. We are going to repeat this same process for the other two network connections to the
CB Virtual WAN appliance.
In the Interface Groups node, click the plus icon (+) again to add a new interface group.
10.
In the new interface group line that appears, select 3 from the Ethernet Interfaces
selector, and then select Fail-to-Block from the Bypass Mode drop-down list box.
Note the order in which Inteface Groups are added does not matter.
citrix.com 38
Step Action
12.
Next to Virtual Interfaces, click the plus icon (+) to add a new virtual interface.
13.
Type Remote_INET in the Name field and then click Apply.
14.
In the Interface Groups node, click the plus icon (+) again to add a new interface
group.
citrix.com 39
Step Action
15.
In the new interface group line that appears, select 2 from the Ethernet Interfaces
selector, and then select Fail-to-Block from the Bypass Mode drop-down list box.
16.
Under Virtual Interfaces, click the plus icon (+) to display more options.
17.
Next to Virtual Interfaces, click the plus icon (+) to add a new virtual interface.
18. Type Remote_LAN in the Name field and then click Apply.
The CloudBridge will use this interface to advertise the gateway IP address for all client
hosts located at this site.
citrix.com 40
Step Action
19. Now that we have the interface groups added to the appliance, we can add the virtual IP
addresses that will be used by those groups.
Click the plus icon (+) to the left of Virtual IP Addresses.
20. In the Virtual IP Addresses node, click the plus icon (+) to add a new virtual IP address.
21. Type 172.17.10.1/24 in the IP Address/Prefix field, then select Remote_LAN from the
citrix.com 41
Step Action
22. We are going to repeat this same process twice more for the other virtual IP addresses
we need to use for this lab.
Click the plus icon (+) again in the Virtual IP Address node.
23. Type 172.17.20.2/24 in the IP Address/Prefix field, then select Remote_INET from the
24. Click the plus icon (+) again in the Virtual IP Address node.
citrix.com 42
Step Action
25. Type 172.17.30.2/24 in the IP Address/Prefix field, then select Remote_MPLS from
the Virtual Interface drop-down list box, and then click Apply.
26. The next step is to add the WAN links to the Remote-side of the Virtual WAN
configuration.
Click the WAN Links node under the Remote_CB_vWAN node.
citrix.com 43
Step Action
27. Next, click the plus icon (+) next to WAN Links to add a WAN link.
28. Type Remote_INET in the Name field, leave the Access Type set to Public Internet and
click Add.
citrix.com 44
Step Action
30. Under both LAN to WAN and WAN to LAN, set the Physical Rate to 6000, and then click
Apply.
Note again that speeds configured should be configured accuratly to reflect less then the
true speeds of WAN link.
Note the Autodetect Public IP field. In a production environment, for the branch nodes
you would enable this option in use with Public Internet WAN. The data center node has
the static IPs defined in the Public IP Address, and all branch offices will be learned
dynamically using the auto-detect feature.
citrix.com 45
Step Action
31. Next, expand the Access Interfaces node.
33. In the new line that appears, leave the Name at its default value, select Remote_INET
from the Virtual Interface drop-down list box, type 172.17.20.2 in the IP Address field,
type 172.17.20.1 in the Gateway IP Address field, and then click Apply.
citrix.com 46
Step Action
34. Next, we are going to repeat the same process to create another WAN link in the CB
Virtual WAN appliance for the MPLS WAN link.
Under WAN Links, click the plus icon (+) again.
35. Type Remote_MPLS in the Name field, select Private Intranet from the Access Type
drop-down list box, and then click Add.
citrix.com 47
Step Action
citrix.com 48
Step Action
Apply.
38. Next, expand the Access Interfaces node.
citrix.com 49
Step Action
40. In the new line that appears, leave the Name at its default value, select Remote_MPLS
from the Virtual Interface drop-down list box, type 172.17.30.2 in the IP Address field,
type 172.17.30.1 in the Gateway IP Address field, and then click Apply.
Note that we are not enabling Proxy Arp here. This is because this site is being
deployed in Gateway Mode, thus proxy arp is not applicable.
41. You can minimize the Remote_CB_vWAN site in the GUI at this time.
You should not see any red warning icons on the Sites section of the Configuration
Editor. This indicates proper configuration.
Do not log out from the interface.
Exercise Summary
In this exercise, you configured the networking settings for the remote-side CloudBridge Virtual
WAN appliance on the Master Control Node Configuration Editor.
citrix.com 50
Exercise 3: Finalizing the Virtual WAN Configuration
Overview
Now that the datacenter and remote sites have been configured, they need to have the WAN
Path connection information configured so that they will communicate over the WAN link at each
site. The configuration also needs to be saved and exported for use on the Remote CloudBridge
VIRTUAL WAN appliance.

1. Configure the CloudBridge Virtual WAN path relationships
2. Save the Virtual WAN configuration
3. Export the configuration
DC_CB_vWAN
citrix.com 51
Step Action
1. While still logged on to the DC_CB_vWAN appliance, click the Connections bar.
2. Expand the Remote_CB_vWAN node.
3. Then expand the Virtual Paths node.
citrix.com 52
Step Action
4. Next, expand the DC_CB_vWAN-Remote_CB_vWAN node.
5. Finally, expand the Paths node.
6. In the Paths node, click the plus icon (+) to add a new path.
As you can notice, the INET paths to and from each respective site has been
automatically set for you by the Configuration Editor. The MPLS paths are missing and
must be manually added. The Config Editor does not automatically create Private
Intranet link relationships, it only automatically creates Public Internet links.
citrix.com 53
Step Action
7. In the Add Path window, select Remote_CB_vWAN from the From Site drop-down list
box, then select Remote_MPLS from the From WAN Link drop-down list box and
select DC_MPLS from the To WAN Link drop-down list box, then make sure Reverse
Also is selected and click Add.
8. The Paths node should look like this:

Two WAN Links (MPLS and INET) would result in four unique WAN Paths covering both
directions of flow. As an expample, if we had three WAN Links to work with, we would
expect six unique WAN Paths here.
You should also have zero (0) Audit alerts in the bottom-left corner of the screen.
Informing you of a clean configuration file with no detected issues.
If you still have Audit alerts, verify all of your settings to ensure they are correct.
citrix.com 54
Step Action
9. Now that the configuration is complete, it must be saved and then exported for use on
the remote-side CloudBridge Virtual WAN appliance.
Click the Save As button at the top of the Configuration Editor screen.
10. Type Demo_Ex3 in the Package Name field, and then click Save.
Exercise Summary
In this exercise, you configured the CloudBridge Virtual WAN path relationships, and saved the
configuration file.
citrix.com 55
WAN Provisioning
citrix.com 56
Exercise 4: Provision the MCN Using the Saved
Configuration File
Overview
Now that the configuration file is fully complete and there are zero audit warnings, it is time to
apply this configuration first to the MCN and upload the latest software and then apply the
configuration to the remote branch in the next exercise.

Update the MCN with the saved configuration and upload the latest software
DC_CB_vWAN
citrix.com
57
Step Action
1. While still in the MCN Configuration Editor, we have to export the configuration.
Click Export, at the top of the Configuration Editor screen.
2. Select Change Management Inbox from the Destination drop-down list box, if not
already selected by default, and then click Export.
The Configuration File is now ready and waiting in the Change Management page for
provisioning.
3. Navigate to Virtual WAN > Change Management to start the MCN provisioning
process.
citrix.com
58
4. Click the Begin button to proceed after reviewing the Change Process Overview.
5. Next to Upload software packages specific to the appliances selected when creating the
datacenter and remote branch in the configuration editor, click the Browse button.
citrix.com
59
6. In the File Upload window that appears, navigate to the Documents > CB_vWAN >
vWAN Software, and then select the cb-vw_CBVPX_8.1.0.95.tar.gz file and then click
Open.
If this was a production deployment with phsycial appliances, you would browse and
upload individually each software package one at a time. Note that there will be a
unique file for each applaince; 4000-VW, 2000-VW,1000-VW, 400-VW. You only need
to upload the software package for the appliances in your network, in this lab we only
have CB VPX, so we will only upload the VPX software package.
7. Click Upload.
citrix.com
60
8. After the file is done uploading, the page will display Upload complete and the
Software box will populate with Model(s) CBVPX, click Next.
NOTE: If this was a production deployment, and CB4000-VW was used at the
datacenter and CB1000-VW was used at the branch office, both respective sotware files
would be required to be uploaded at this point.
The same process can be used in upgrading to the next release of software.
9. In the Verification Results window that appears, verify that the results say The
Configuration is valid and then click Ok.
citrix.com
61
10. In the License window that appears, check the box to accept the EULA and click Ok.
11. On the Appliance Staging screen, click the Stage Appliances button.
12. A progress bar will appear showing the transfer progress.
citrix.com
62
13. When the transfer progress is complete, click the Next button.
14. On the Activate screen, click the Activate Staged button to activate the changes that
have been made to this data center appliance.
15. A warning box appears to let you know that the remote appliance has no running
configuration. Click OK to confirm that the package we created will be used for that
purpose.
citrix.com
63
16. Now that the appliances have been activated, the configuration can now be activated.
Click the Activate Staged button.
17. Click OK to switch the Active software/config to the one on the staged area.
18. The appliance activates inside of a 120 second clock.
citrix.com
64
19. When activation is completed, click the Done button.
You will be returned to the Dashboard screen.
20. Now we can enable the Virtual WAN Service.

Click the Configuration tab at the top of the screen.
citrix.com
65
21. Navigate to Virtual WAN > Enable/Disable/Purge Flows.
22. Click the Enable button.
23. Click OK to confirm enabling the service.
24. You should see that the Virtual WAN Service is enabled at the top of the screen.
citrix.com
66
25. Navigate back to the Change Management page (Configuration > Virtual WAN >
Change Management) and validate using the table at the bottom of the page that the
DC Site-Appliances is populated with Currently Active Software and Config.
Make note that the Remote_CB_vWAN-Appliance is listed as Not Connected. The

next exercise will walk you through addressing that.
Exercise Summary
In this exercise, you applied the configuration to the MCN, and also uploaded the needed
software packages specific to the data center and remote site appliance. You also enabled the
Virtual WAN Service for the MCN appliance.
citrix.com
67
Exercise 5: Applying the Configuration to the Remote
Appliance
Overview
We have saved and exported the configuration file to the MCN, and we have applied and
uploaded the needed software packages for the appliance in the Virtual WAN environment.
From the MCN Change Management you will now download the software and configuration
bundle that is intended for the remote site appliance and upload it manually. After this first time
manual procedure, subsequent software and configuration changes can be done through the
MCNs communication to remote branches over the Virtual Paths and the below steps can be
skipped.

Download and apply the Software/Configuration package to the remote CloudBridge
Virtual WAN appliance
Enable the Virtual WAN Service on the Remote CloudBridge appliances
DC_CB_vWAN Remote_CB_vWAN
citrix.com
68
Step Action
1. While still logged on to the DC_CB_vWAN appliance, navigate to Virtual WAN >
Change Management.
2. In the table at the bottom of this page, find the Remote_CB_cWAN-Remote_VPX row,
click the active hyperlink under the Download Package column.
CAUTION: Please make sure to select active link that belongs to the Remote_CB
row. Selecting anything any other configuration and applying it to the improper
appliance will result in improper connunication between the appliances.
citrix.com
69
Step Action
3. Select Save File from the pop-up window and click OK.
4. Now open a new tab, in the Firefox browser and click the Remote CB vWAN bookmark
to open the UI for the Remote CloudBridge Virtual WAN device.
5. Log in with admin/password credentials.
citrix.com
70
Step Action
6. Navigate to Configuration > System Maintenance > Date/Time Settings. In the
Timezone Settings pane select any desired time zone specific to this appliance, and
then click the Change Timezone button. Verify the Date/Time after the updated
change.
7. Next, navigate to the Configuration > Appliance Setting > Licensing page and select
the Remote license radio button, then configure the IP address (10.0.76.37) and Port
27000 of the lab license server. Also select the desired license file to be pulled down
from the license server, V50VW. Then click Apply Settings.
citrix.com
71
Step Action
8. On the dashboard, click on the Local Change Management button. Which will navigate
you to the Configuration > System Mantenance > Local Change Management page.
9. Click Browse and upload the previously saved Remote appliance software/configuration
package in the Downloads directory. Then click Open.
citrix.com
72
Step Action
10. Click the Upload button. After a successful upload, the UI will update with Upload
Complete.
11. Click Next, after the Upload is complete
citrix.com
73
Step Action
12. Now that the appliances have been activated, the configuration can be activated.
Click the Activate Staged button.
13. Click OK to switch the Active software/config to the one on the staged area.
14. The appliance activates inside of a 120 second clock.
citrix.com
74
Step Action
15. When activation is completed, click the Done button.
You will be returned to the Dashboard screen.
16. Now we can enable the Virtual WAN service.

Click the Configuration tab at the top of the screen.
citrix.com
75
Step Action
17. Navigate to Virtual WAN > Enable/Disable/Purge Flows.
18. Click the Enable button.
19. Click OK to confirm enabling the service.
20. You should see that The Virtual WAN Service is enabled at the top of the screen.
citrix.com
76
Step Action
21. Switch to the Monitoring tab at the top of the screen, and you will see the Path State
and Virtual Path Service State showing GOOD for all links.
There may be a few things that may prevent this from working.
The WANem virtual machines were not started from XenCenter
The licensing was not pointed to the remote license server on both CloudBridge
devices
The Virtual WAN Service was not enabled on both Virtual WAN devices
The configuration was not properly exported to the remote CloudBridge, or the
configuration is incorrect
There are saved configurations in the C:\Users\localuser\Documents\CB
vWAN\vWAN-Configuration directory of the Student Desktop, where the students can
perform the following quickly to catch up to this exercise with known good configuation:
1. Start exercise # 1 and complete up to step 20
2. Instead of building a config, upload the saved configuration Demo_Ex3
3. Complete the Change Management process by exporting Demo_Ex3
You can save and load the issue configuration and go back to it once the environment is
confirmed to be working properly with the known good configiration file.
Exercise Summary
In this exercise, you downloaded the software and configuration package from the MCN and
manually uploaded it to the remote CloudBridge Virtual WAN device using its local user
interface. Enabled the service and validated proper Virtual Path communication between the
two CloudBridge Virtual WAN devices.
citrix.com
77
WAN Customization
citrix.com
78
Exercise 6: Customization of the Rules and Classes
Overview
Now that we have fully installed and configured a Virtual WAN environment consisting of a Data
Center MCN and one Remote Office Client node, we can now make some customization to the
default rules and classes to highlight key features of the solution in the subsequent exercises.

Edit the Configuration file to properly identify iPerf and Video Server traffic based on IP
and port
Push the new configuration using only the MCN to update both the MCN and Remote
CloudBridge
DC_CB_vWAN Remote_Client iPerf
citrix.com
79
Step Action
1. On the Student Desktop, navigate back to the MCN UI to make some changes to the
saved configuration file.
In the Firefox browser, click the Datacenter CB vWAN shortcut in the bookmark bar and
log in with admin/password credentials.
2. Navigate to the MCN > Configuration > Virtual WAN > Configuration Editor page and
click Open button to open your last saved config file (e.g. Demo_Ex3).
3. In the Configuration Editor, expand your saved config file to show the Connections
sections. Then navigate to the Default Sets > Virtual Path Default Sets.
citrix.com
80
Step Action
4. Click the plus icon (+) to add a new Virtual Path Default Set, which we can apply to all
Virtual WAN nodes that we add to this environment.
Notice that the system will make available 17 classes for you, and class 10-16 will be
pre-populated and associated with Realtime, Interactive, and Bulk classes. With the
Interactive class configured even further to have QoS in place to separate the Interactive
class into sub-classes of High, Medium, Low and Very Low.
Click Apply to proceed.
Note: Because of the large table size, the location of the Apply button may be difficult to
find. Please zoom out on the browser or close the network map in order to see the
Apply button.
citrix.com
81
Step Action
5. Expanding the Rules for this New_Virtual_Path_Default_Set, you can see that there
are no default Rules in place.
6. Further down in the Connections sections, you can expand the Application node to
take a look at the existing applications configured by default. Here we can also add
custom applications. Notice that IPERF is an application that is available by default on
the system.
citrix.com
82
Step Action
7. On the Applications section, create a New Application by clicking the plus icon (+).
Then click Close.
8. Then click on New_Application to rename it to VideoServer.
9. Navigate back to the Default Set > Virtual Path Default Set >
New_Virtual_Path_Default_Sets > Classes and click the pen icon to edit our first
class.
citrix.com
83
Step Action
10. Navigate down the table and edit class_6, by renaming the class to class_6-
VideoServe and altering the Type to Interactive. Allocate 70 for both Initial Share %
and Sustained Share %.
11. Next edit class_7 by renaming the class to class_1-iPerf and altering the Type to
Interactive. Allocate 20 for both Initial Share % and Sustained Share %.
Between Video and iPerf traffic, this QoS setting gives Video traffic a much larger share
of the bandwidth when contention occurs.
Please make sure to click the Apply button to save the QoS changes.
citrix.com
84
Step Action
12. Navigate back to the Default Set > Virtual Path Default Set >
New_Virtual_Path_Default_Sets > Rules and click the plus icon (+) to add a new
custom rule.
We will use these custom rules to filter both the IPerf and Video Sever traffic in order to
utilize these applications in subsequent exercises.
13. In the table for the new custom rule, in the Application Name column select the
previously created VideoServer.
14. In the new custom rule, for the IP Address Source column input the production/data
path IP address of the Video Server (172.16.10.22/32). Select Dest=Src to catch the
traffic in the reverse direction as well.
citrix.com
85
Step Action
15. In the new custom rule, for the Protocol select TCP and for the Port Source column
input 80 since the Video Server is configured to deliver video over
http://172.16.10.22:80. Select Dest=Src to catch the traffic in the reverse direction as
well.
16. Click the plus icon (+) on this new rule to expand the node for additional configuration
options.
17. With the new custom rule expanded, we can now leverage the Initialize Properties
Using Protocol option to quickly have the system pre-populate the remaining of the
settings to the system expected configuration.
Lets make custom configuration changes, by selecting Transmit Mode to be Persistent
Path. Please special note this location where the Transmit Mode can be changed.
citrix.com
86
Step Action
18. Expand the LAN to WAN node of the current custom Video Server rule to properly make
the association between this rule and the Video Server class we configured in an earlier
step. From the General section, Class drop-down, select 6 (class_6-VideoServer).
Click the Apply button to save the new custom rule.

You may encounter a warning icon, for now please ignore we will be addressing that
later in this exercise.
19. Run through the same process to create a rule for the iPerf traffic (IP 172.16.10.21/32
and TCP port 5001) and make the association between iPerf rule and iPerf class
7(class_7-iPerf). Make use of the Initialize Properties Using Protocol button to help
pre-populate some of the fields.
Click Apply to save the new custom rule.
citrix.com
87
Step Action
20. We will now apply the New_Virtual_Path_Default_Set to the Virtual Path Service of the
network.
Under the Connections section, expand the DC_CB_vWAN node. Continue
expanding with Virtual Paths > DC_CB_vWAN-Remote_CB_vWAN > Local Site >
Basic Settings.
21. In the Basic Settings, click the pen icon to edit the Default Set field to select the
New_Virtual_Path_Default_Set option.
Apply the setting.
citrix.com
88
Step Action
22. Notice that the Remote office node also has the same default set update.
Connections > Remote_CB_vWAN > Virtual Paths > DC_CB_vWAN-
Remote_CB_vWAN > Local Site > Basic Settings.
23. At this point, Save As your new config file with file Package Name Demo_Ex6.
24. Export the saved config to the Change Management inbox.
citrix.com
89
Step Action
25. Navigate to the Configuration > Virtual WAN > Change Management page and run
through the Change Preparation, Appliance Staging, Activate Staged process.
You should be already familiar with the change management process. By navigating to
this page, you should automatically land on Change Preparation. If you dont that
means that there was a previous change management that was left halfway complete,
you can proceed with canceling the current process and again Export the desired config
to land on Change Management > Change Preparation.
26. Make note that even the Remote CloudBridge device has been updated with the new
config, because it had already had a Virtual Path relationship with the MCN.
We can skip the step of downloading the active package and uploading it manually.
Exercise Summary
In this exercise, you took an existing active Virtual WAN environment and made rule and class
changes to the configuration, and pushed it out to remote office using only the MCN.
citrix.com
90
Exercise 7: WAN Link Bonding/Aggregating Using iPerf
Overview
The lab environment comes provisioned with two WAN emulators that are used to show the
bonding (WAN link aggregation) ability of the CloudBridge Virtual WAN solution. One WAN
emulator will be configured as a 1.5 Mbps MPLS link, and the second WAN emulator as a 6
Mbps ADSL Internet link. We will start by setting the ADSL Internet link to 100% packet loss
which will bring down the link in the below exercise to show the before scenario without Virtual
WAN technology. Then we will bring it up with 0% loss with CloudBridge Virtual WAN to bond
multiple WAN Links and push a single application (ex. iPerf) across the bonded bandwidth of
the two WAN links.

Showcases the WAN bandwidth bonding ability of CloudBridge Virtual WAN for a single
flow
Remote_Client iPerf
citrix.com
91
Step Action
1. From XenCenter tool, individually right-click and Start the following VMs:
Remote_Client, iPerf, and Video_FTP.
2. Allow the VMs to fully boot. You can monitor the progress from the Console Tab on
XenCenter.
citrix.com
92
Step Action
3. We are going to have to configure the WAN link speed and the latency on each of the
WAN emulators.
In the Firefox browser, open a new tab and click the INET WANem shortcut in the
bookmark bar.
Note that this WAN emulator has a short duration timeout of the user interface, and if left
running to long without interaction the UI will time out without any alert. Make sure your
changes have been accepted by clicking refresh on the browser.
4. Next, click the Advanced Mode link in the toolbar.
5. Leave the default value of eth1, and click Start.
citrix.com
93
Step Action
6. Since this is the Internet WAN link, we will want to set the bandwidth accordingly.
Next to Choose BW, select Standard ADSL Downstream - 6.144 Mbps from the drop-
down list box, and then type 100 in the Loss (%) field, and then click Apply settings.
If you do not see the update, refresh your browser and try again.
7. In the browser navigate back to the CloudBridge Virtual WAN UI and confirm the report
matches up with the 100% packet loss setting on the Internet WAN Emulator.
Open a new Firefox tab and select the Datacenter CB vWAN shortcut in the bookmark
bar. Log on using the admin/password credentials.
Navigate to the Monitoring > Virtual WAN > Statistics screen.
citrix.com
94
Step Action
8. Confirm that both the WAN Paths to and from the remote site on Internet are reported
as Dead. You may have to refresh the page to see the latest reported status.
A few things may prevent this. The web browser to the WANem was left open to long
and the session timeout. Refresh the web broser to the WANem make sure the setting
is applied. If the session to the student desktop is left open and work is picked up later
in the day, there may be some connectivity issues to the license server, make sure
licensing is still valid.
9. From XenCenter, select the Remote_Client VM, then select the Console tab at the top
of the window.
10. Log on to the Remote Client using the following credentials:

User: CitrixAdmin
Password: Citrix456
citrix.com
95
Step Action
11. Click No, on the prompt asking to find PCs, devices, etc.
12. jPerf 2.0.2 has been installed on the Remote_Client VM as a tool to help validate the
available WAN link speed between the remote site and the datacenter site.
Double-click jperf shortcut to launch the application tool.
citrix.com
96
Step Action
13. In the jPerf application, first select the Server radio button and click Run iPerf! button to
initiate the application as the server to start listening on port 5001. For more information
on Iperf please refer to the following website: https://iperf.fr/
Take note that the internal IP address of the Remote_Client VM is 172.17.10.10. You
can run ipconfig in a command prompt to identify this, also that that the client has a
management interface of 192.168.10.55. Route print command can help identify how
the traffic is being routed through this particular Windows VM that is configured with two
subnets.
14. The Remote_Client VM also has the PuTTY application installed. PuTTY can be found
as a shortcut on the desktop of the Remote_Client. Launch PuTTY and connect to the
iPerf Linux VM located in the data center across the WAN emulators.
citrix.com
97
Step Action
15. Putty contains a saved session to the iPerf (172.16.10.21) server. Select the
root:password @ 172.16.10.21 (iPerf) saved session and click Open.
Click Yes, if you encounter a PuTTY Security Alert window.
16. In the PuTTY window that opens, give it some time to log in, and when prompted type
password and press Enter.
The resulting screen should look like this:
citrix.com
98
Step Action
17. Within the putty session to the iPerf server, type the following command and press
Enter:
iperf -c 172.17.10.10 -t 6000 -i5 -w 10M
This will initiate an iPerf test to test bandwidth speed between sites. For more
information on iPerf please visit: https://iperf.fr/iperf-doc.php
18. The jPerf application on the Remote_Client VM will report the results of the bandwidth
test and should show close to a ~1.3Mbps result if everything is configured correctly.
Keep in mind that there is a 40 byte per packet overhead for the Virtual WAN
transportation protocol, and also note that iPerf reports available bandwidth. Meaning if
there is any other traffic, like management traffic running across the same link iPerf
results will be lower than expected. That is why we will not see the full 1.5 Mbps.
citrix.com
99
Step Action
19. Back on the Student Desktop, switch back to the open Firefox browser with the WANem
INET configuration window.
On the Internet WANem you can now change the 100% packet loss and replace it with
0% packet loss.
Type 0 in the Loss (%) field and then click the Apply settings button.
If you change tabs to the CB vWAN configuration utility, this should bring up the Dead
WAN paths on the Virtual WAN reporting to a Good state. Take note that the links first
transistions to a Bad or yellow state before it goes green. This is because Virtual WAN
does not commit traffic to any new path until it first tests and validates the link to make
sure its safe to commit for production traffic.
20. Now that the Path State is Good, the resulting jPerf graph should update and show the
aggregation benefits with the CloudBridge Virtual WAN solution. The graph jumps from
~1.3Mbps to ~6.6Mbps of aggregated bandwidth between sites. This validates the path
aggregation ability for a single application flow. It also proves that the solution delivers
by the packet and doesnt just do path assignment.
citrix.com
100
Step Action
21. You can also navigate to the Monitoring > Flows page to get detailed information about
the connection and the current path that it is taking.
22. Switch to the open PuTTY session, and press Ctrl+C to stop the iPerf test.
And on the jPerf application, click the Stop IPerf! button
Exercise Summary
In this exercise, you showcased a key feature of the Virtual WAN technology, by taking a single
TCP flow and allowing that flow to utilize two distinct WAN paths simultaneously for delivery.
citrix.com
101
Exercise 8: Solving Congestion using CloudBridge Virtual
WAN QoS
Overview
Similar to the previous exercise, you can run through the same exercise to first show a
bandwidth congestion issue with the single 1.5 Mbps MPLS link and the impact that has on
contenting applications. Then you can enable the VIRTUAL WAN to augment the 1.5Mbps link
with an added 6.1 Mbps Internet link (100% to 0% Loss), which addresses the congestion issue
by adding bandwidth, and in turn improves the end-user experience with the applications.

Demonstrate the effectiveness of CloudBridge Virtual WAN for solving congestion issues
while watching video.
Remote_Client iPerf
citrix.com
102
Step Action
1. First, we are going to return to the INET WANem configuration utility and change the
packet loss back to 100%.
Type 100 in the Loss (%) field and click Apply settings.
2. Next, we are going to configure the MPLS WAN emulator with a bandwidth of about 1.5
Mbps with 0% packet loss.
Open a new Firefox tab and then click MPLS WANem in the bookmark toolbar.
citrix.com
103
Step Action
3. Click the Advanced Mode link, and click Start.
Leave the default value of eth1 in the drop-down list box and click Start.
4. Select T-1, DS-1 North America 1.544 Mbps from the Choose BW drop-down list
box and click Apply settings.
citrix.com
104
Step Action
5. Switch to the CloudBridge vWAN tab in Firefox, and click Refresh on the Statistics
screen. You should see that the INET link is DEAD.
6. Return to the Remote_Client VM Console tab in XenCenter.

In the open JPerf application screen, select Server and click the Run IPerf! button.
In the open PuTTY screen, press the arrow up key on your keyboard to recall the last
command and then press the Enter key.
7. Switch to the open and running JPerf screen, and you should see a resulting throughput
of approximately 1.3 Mbps of throughput.
citrix.com
105
Step Action
8. Within the Remote_Client console, open a new Internet Explorer window (the
homepage should be a video player, if not type in the address http://172.16.10.22). This
video is sourced from the Video_FTP server on the backend of the datacenter. You
should position the Internet Explorer window to the side, because you want to view the
Video website and at the same time view the jPerf graph results.
Note: You may also need to clear the cache by removing the ability to preserve website
data in order to run this test.
IE Settings > Safety > Delete browsing history
Uncheck Preserve Favorites website data and select Temporary Internet files and
website files and Cookies and website data and click the Delete button. Then restart
the browser. Click the Play button to start the video, then watch the effect it has on the
iPerf graph. You should notice that Video is very slow to buffer due to limited 1.5 Mbps
link available. And with the QoS policy in place, iperf will suffer as soon as the video
starts to stream data.
citrix.com
106
Step Action
9. As soon as the Video starts, the graph of the iPerf test should show the impact of
introducing the Video Stream. The Video Stream takes all the available bandwidth
causing the iPerf to utilize the remaining bandwidth left over. This illustrates how the
iPerf application (representing typical applications like CIFS, MAPI, FTP) suffers while
interactive traffic like Video takes precedence on the available WAN link.
If you don't see this behavior, make sure to clear the browser cache and try again.
10. Enable the Virtual WAN solution to bond additional bandwidth to the existing 1.5Mbps
MPLS WAN link and showcase how this solution resolves the congestion issue
illustrated above.
Switch to the Firefox tab with the INET WANem configuration window open.
Type 0 in the Loss (%) field and then click Apply settings.
citrix.com
107
Step Action
11. Switch to the CloudBridge vWAN tab in Firefox, and then click the Refresh button on
the Statistics screen.
The state of the INET link should return to GOOD.
12. Switch back to the Remote_Client VM Console and view the jPerf console.
The jPerf graph should update and show the aggregation benefits with the CloudBridge
Virtual WAN solution. The graph jumps to ~6.5Mbps of bandwidth available for the iPerf
traffic.
You should also notice an improved ability for the web browser to buffer the Video a lot
faster. Due to the nature of the simple Video Server in this demo, please do not
expect improved Video quality, there is no mechanism in place to change the
Video resolution based on available bandwidth.
Exercise Summary
In this exercise, you used QoS setting configured in a previous exercise to show how end user
experience is impacted during times of congestion, and then you unleashed the link aggregation feature
in Virtual WAN allowing all applications to freely use all the available bandwidth.
citrix.com
108
WAN Upgrade
citrix.com
109
Exercise 9: Upgrade Procedure
Overview
In this demonstration, we walk through the upgrade procedure for the Virtual WAN environment.
With Virtual Path communication between appliances, upgrade and configuration changes are
easily pushed through the Virtual Path to all remote office appliances from the MCN.

Upgrade the Virtual WAN from 8.1 to 9.0 beta
Prep the WAN link configurations for the next exercise
DC_CB_vWAN
citrix.com
110
Step Action
1. First, open the MCN user interface.
2. Navigate to the Configuration > Virtual WAN > Change Management page and click
Begin
3. Navigate to the Configuration > Virtual WAN > Change Management page click
Browse.
citrix.com
111
Step Action
4. In the File Upload window, navigate to the \Documents\CBvWAN\vWAN-
Software\VW Upgrade directory and select the cb-vw_CBVPX_9.0.0.319.tar.gz file,
and click Open. Note, for production installations, you will need to download and upload
the files specific to appliances being used in the environment.
5. Click the Upload button when the file has been selected.
citrix.com
112
Step Action
6. The status will update as Upload complete, and the uploaded model will be listed with
the corresponding software. Click Next to proceed.
7. Click Ok to accept the Verification Results.
citrix.com
113
Step Action
8. Accept the license agreement and click Ok.
9. Click Stage Appliances.
10. Notice the table below to identify the state of the software upgrade for each appliance in
the Virtual WAN environment.
citrix.com
114
Step Action
11. Once the Appliance Staging is at 100%, click Next to proceed.
12. CClick Activate Staged to flip to the prepped software from the current.
l
i
c
k
citrix.com
115
Step Action
13. AAfter the two-minute activation process, click Done. The browser will refresh to the new
f
t
updated user interface. Log out and log back in if you encounter any browser cache
eissues.
r
t
h
e
14. You can now log

Y into the Remote CloudBridge UI and validate that the above process
o
also updated the
u
remote appliance in addition to head-end MCN appliance.
c
a
n
Exercise Summary
In this exercise, we uploaded and pushed out both configuration and software across the Virtual
WAN network to all Virtual WAN appliances from a single central location, the MCN.
citrix.com
116
WAN Virtual WAN Center
citrix.com
117
Exercise 10: Introduction to Virtual WAN Center
Overview
In this exercise, we will introduce you to Virtual WAN Center, the central Analytics tool for the
Virtual WAN environment. Virtual WAN Center serves as a single pane of glass for Virtual WAN
management, WAN performance monitoring, and application monitoring.

Configure Virtual WAN Center to communicate with the Virtual WAN environment we
have built in the previous exercises.
Remote_Client Virtual WAN

Center
citrix.com
118
Step Action
1. From XenCenter tool, individually right-click and Start the following VMs:
CB_vWAN_Center and DC_LAN_Router.
2. Allow some time for the VM to boot. From the StudentDesktop, launch Firefox internet
browser. There should be a shortcut in the bookmark toolbar to launch the CB vWAN
Center user interface:
3. Select I Understand the Risks for the Connection is Untrusted warning, and Add
Exception.
citrix.com
119
Step Action
4. Log in to Virtual WAN Center with the default credentials: admin/password
5. Navigate to the following location to adjust the IP Address assignment.

Administration > Global Settings > Management Interface
In this exercise, we will not be changing the IP address of Virtual WAN Center, but now
you know where to find it.
6. Navigate to the following location to adjust the system date and time.
Administration > Global Settings > TimeZone
Select the desired Time Zone location and click Apply.
citrix.com
120
Step Action
7. Now that the basic administrative work is complete, we will walk through the process of
adding the Virtual WAN appliances to Virtual WAN Center.
a) On the Virtual WAN Center user interface navigate to Configuration > Network
Discovery > SSL Certificates
b) Download HTTPS Certificate and save to local Student Desktop.

8. In the same Internet Browser open a new tab and navigate to the Datacenter CB vWAN
(MCN) user interface Configuration > Virtual WAN > Virtual WAN Certificates
Browse, Upload and Install the VWC HTTPS Certificate (VWCSSLCert.pem).
citrix.com
121
Step Action
9. Click Continue to accept the upload.
10. Back on the Virtual WAN Center user interface, navigate to Configuration > Network
Discovery > Discovery Settings
citrix.com
122
Step Action
11. In the Virtual WAN Center Discovery Settings screen, run through the following to add
the MCN applaince:
a) Enter VWA MCN management IP address 192.168.10.20, and click Test, you
should encounter the following message This appliance is active MCN
b) Click Discover
c) Leave the default Polling Configuration settings and then click Apply
citrix.com
123
Step Action
12. Confirm the addition of all Virtual WAN environment appliances by navigating to the
Configuration > Network Discovery > Inventory and Status page.
Select the options for polling, and lick Apply.
13. Since Virtual WAN Center provides a historical view of the Virtual WAN environment
instead of a real-time view, the Reporting page will take a few minutes before
populating with useful data. Note that the reporting provides views for the last Hour,
Day, Week, and Month.
Exercise Summary
In this exercise, you were introduced to Virtual WAN Center, and setup communication with the
MCN to poll data from the entire Virtual WAN environment.
citrix.com
124
Exercise 11: Upgrade Virtual WAN Center
Overview
In this exercise, we will run through the upgrade procedure for Virtual WAN Center.

Upgrade Virtual WAN Center.

Center
citrix.com
125
Step Action
1. From the StudentDesktop, launch Firefox internet browser. In the bookmark toolbar
launch the CB vWAN Center user interface:
2. NOnce logged in, navigate to Administration > Global Settings > Software Upgrade
a
v
tab. Click the Browse button to upload the latest software.
i
a
g
3. IIn the upload window, browse to \Documents\CB vWAN\vWAN-Software\VW Center

n
t
Upgrade to located the latest Virtual WAN Center software (cb-vwc_9.0.0.319.tar.gz).
hClick Open to upload.
e
citrix.com
126
Step Action
4. CNext, click Upload and Install to begin the install.
l
i
c
k
5. Accept the licensing agreement, then click Install.

Due to the size of this window, you may have to zoom out in the browser.
6. When the process completes, click Continue.
7. You can confirm upgrade to the latest version from the upper right of the user interface.
citrix.com
127
Exercise Summary
In this exercise, we upgraded Virtual WAN Center to the latest firmware.
citrix.com
128
Exercise 12: Use Virtual WAN Center to calculate MOS
Overview
In this example, we will expand your knowledge of Virtual WAN Center (VWC) by introducing
how it can be used as a tool to track the Mean Opinion Score (MOS) of targeted applications.

Enable a test application to calculate the MOS score using Virtual WAN Center

Center
citrix.com
129
Step Action
1. From the StudentDesktop, launch Firefox internet browser. In the bookmark toolbar
launch the CB vWAN Center user interface:
2. Log in and navigate to Configuration > Network Configuration.

Note that you can run through the same Configuration Editor ability right here via the
VWC as if you were making the changes directly on the MCN.
3. You can import the configuration from the MCN, by clicking the Import button. Then
select Active MCN from the Network drop down, and then click Import.
citrix.com
130
Step Action
4. The current running configuration will be imported from the MCN. Expand the
configuration window.
5. Expand the Connections node.
6. Expand the Applications node.
citrix.com
131
Step Action
7. Expand the VideoServer node and enable MOS, by first clicking the pen icon, then click
the Apply button.
8. VValidate that there is a rule in place to catch the VideoServer application flows. If
a
l
leveraging the default set, navigate to Default Set > Virtual Path Default Set >
iNew_Virtual_Path_Default_Set > Rules:
d
a
t
e
9. From the VWC, Save As the new configuration with name Demo_Ex12, Export and run
through the Change Management to export the new configuration to the Virtual WAN
environment.
citrix.com
132
Step Action
10. RNavigate to Configuration > Change Management.
u
n
t
h
r
o
u
g
h
t
Click here to navigate to the MCN.
11. This should forward you to the MCN UI to run through the Change Management
process, which you should already be familiar with from previous exercises.
Log in using admin/password credentials, and navigate to Configuration > Virtual
WAN > Change Management if you do not land on the Change Preparation screen.
Click Begin, and make sure Demo_Ex12 is the configuration is listed. Start the Change
Management process by clicking Next. Run through the entire Activate Staged process
until Done.
citrix.com
133
Step Action
12. After the configuration has been changed to Demo_Ex12, and the configuration has
been pushed to the Virtual WAN environment, you can now run the VideoServer traffic
flow from Remote_Client VM, as you have done in previous exercises. Make sure to
clear the browser history so that the port 80 connection stays active downloading the
video again.
13. NNavigate back to the MCN user interface, Monitoring > Flows and click the refresh
a
v
button to see the VideoServer application flow on port 80.
i
citrix.com
134
Step Action
14. NNavigate back to the VWC user interface and navigate to Reporting > Applications
a
v
tab. You can view the Average and Lowest MOS score for each application that MOS
iwas enabled for in the configuration. With a historical capability of Virtual WAN Center,
dyou can now use this tool to obtain the default value of MOS per targeted application,
and then re-measure MOS after features like Packet Duplication are enabled. This
provides a numerical value to coincide with reported user experience improvements.
Note, the default polling interface for Virtual WAN Center is set to 5 mins, so there data
may take a few minutes to appear as diplayed in the report below.
15. Navigate to the Configuration > Networking Discovery > Discovery Settings page to
identify where to reducing the polling interval, not that this setting cannot be set below 2
minutes. This is because the VWC is designed to report for historical data and not real
time. Real time data should be obtained directly form the appliance UI.
Exercise Summary
In this exercise, you leverage Virtual WAN Center to identify the Mean Opinion Score of a
targeted application.
citrix.com
135
Module 6: CloudBridge 9.0
Release
citrix.com
136
Exercise 13: Introduction to CloudBridge 9.0 Metered
Links
Overview
In this exercise, we will introduce you to a new 9.0 feature that is applicable only for the Virtual
WAN and Enterprise Edition appliances. Where release 7.x firmware was specific for the
CloudBridge WAN Opt Edition, and 8.x firmware was specific for the Virtual WAN Edition, 9.x
firmware covers all available editions (WANopt, Virtual WAN, and Enterprise Edition).
Depending on the appliance or VPX that 9.0 is installed, the configuration, reporting, and new
features will be limited. For this exercise, we are utilizing the Virtual WAN VPX so some
components like WANopt will be non-existent.

Enable the Metered Links 9.0 feature on the Internet WAN link
DC_CB_vWAN
Step Action
1. From the StudentDesktop, launch Firefox internet browser. Click on the bookmark in
the toolbar to launch the Datacenter CB vWAN user interface, then log in with default
credentials (admin/password).
Note that we are going back to using the MCN for Configuration Editing. Because we
are using the tech preview build of 9.0, we are going back to the MCN Configuration for
the below 9.0 specific exercises.
2. In the Configuration > Virtual WAN > Configuration Editor, Import your last saved
configuration file from the Change Management.
Becuase the last configuration was done with the use of Virtual WAN Center, there is a
disconnect between the two (MCN and VWC) that will be addressed in subsequest
releases.
citrix.com
138
Step Action
3. Save the newly imported configuration (e.g. Demo_Ex13), then make further
configuration changes.
Navigate to the DC_CB_vWAN > WAN Links > DC_INET > Settings node and notice
that the WAN Links settings now has a new option called Metered Links, which was
introduced after the 9.0 upgrade.
Metered links adds business logic to conserve bandwidth on links that are billed based
on usage. With the metered links feature comes the capability to configure the links as
the Last Resort link, which disallows the usage of the link until all other non-metered
links are down or degraded. Set Last Resort is typically enabled when there are three
WAN Links to a site (i.e. MPLS, Broadband Interent, 4G/LTE) and one of the WAN links
is 4G/LTE and may be to costly for a business to allow usage unless it is absolutely
necessary.
citrix.com
139
Step Action
4. Click the pen icon to enable Metering for the DC_INET WAN link. Let us pretend that
this is a 4G/LTE link, which is charged based on $/Mbps of usage.
5. After enabling the metered links capability, you will be allowed to provide a Data Cap in
MB, billing cycle, and starting date specific to this WAN link. Lets set some low values
so that we can more easily trigger these settings. Set the Data Cap to 1MB, Cycle to
Monthly and start data 03/01/2016, then click Apply.
citrix.com
140
Step Action
6. Save and Export the new configuration to the Change Management Inbox.
7. Run through the Change Management process, which you should already be familiar
with from previous exercises.
citrix.com
141
Step Action
8. AAfter Activating the Staged appliances that have the new configuration changes running,
f
t
navigate to the Monitoring > Usage Reports page to get a report of usage on your
emetered link.
r
The top banner will be seen on every page alerting when threshold is reached at 50, 75,
90 and 100% usage (always updating with the latest).
The WAN Link Metering Report on the Usage Reports page provides mode granular
detail of usage.
One important note to point out, is that the configuration change is pushed though the
Virtual Paths, which has the INET WAN link enabled. This is why the usage shows
10Megs of usage, even though we only recently enabled this meter feature.
9. AAnother key thing to notice is that if you navigate to the Monitoring > Statistics page,
n
o
you can see that the usage of the WAN Links is lowered compared to the other WAN
tlink (MPLS) even when there is no traffic going across and the system itself is forced to
hsend heartbeat packets between sites to determines the state (latency, loss, jitter) of the
e
rlinks in each direction.
Exercise Summary
In this exercise, we introduced Metered Links and the reporting associated with the feature.
citrix.com
142
Exercise 14: Introduction to CloudBridge 9.0 IPsec
Protected Virtual Paths
Overview

Enable IPsec for secure data transmission across the Virtual Path between MCN and
Client node
DC_CB_vWAN
citrix.com
143
Step Action
credentials (admin/password):
2. In the Configuration > Virtual WAN > Configuration Editor, open your last saved
configuration file.
citrix.com
144
Step Action
3. Under the Connections section, navigate to the Default Sets > Virtual Path Default
Sets node and edit the existing or add a new Virtual Path Default Set.
Notice that the Virtual Path Default Set now has a new IPsec Settings node.
IPsec is an enterprise grade, standards based encryption protocol, with the capability of
using multiple types of encryption algorithms as well as multiple algorithms to ensure
data integrity. IKEv2 is used for initial key negotiation and Security Association (SA)
establishment between two IKE Peers.
Virtual WAN provides a differentiated Virtual Path tunneling mechanism (patent pending)
that prevents the need for IPsec tunnel re-initiation even in the event of WAN Path
failure. The IPsec tunnel stays up as long as one WAN Links is up and functioning.
citrix.com
145
Step Action
4. Enable IPsec, by clicking the Secure Virtual Path User Data with IPsec checkbox. You
will be provided additional options to further configure the IPsec details.
Supported Encapsulation types: ESP, AH, and ESP+AH

Supported Encryption Modes: AES 128 and 256-Bit
Supported Hash Algorithms: SHA1 and SHA-256
Please select from the available drop down menus, then click Apply.
citrix.com
146
Step Action
5. You will need to apply the Virtual Path Default Set to the MCN node, which will
automatically apply the same default set to all Client nodes that have a Virtual Path to
the MCN.
Note: The Configuration Editor allows different Virtual Path Default Sets with different
IPsec parameters for two separate Virtual Paths.
Navigate to the DC_CB_vWAN node, then select DC_CB_vWAN-Remote_CB_vWAN
> Local Site > Basic Settings.
Make sure New_Virtual_Path_Default_Set is properly selected for the Default Set.
citrix.com
147
Step Action
6. Save As (e.g. Demo_Ex14), then click Save.
7. Export the new configuration to the Change Management Inbox.
citrix.com
148
Step Action
8. Make sure the latest saved exercise configuration is in the inbox, then run through the
Change Management process which you should already be familiar with from previous
exercises.
9. Verify the new setting are in effect, by navigating to the Configuration > Virtual WAN >
View Configuration page, and select Virtual Path Service from the View dropdown
menu.
IPsec settings will show only when IPsec is properly enabled.
citrix.com
149
Step Action
10. On the Dashboard, you will also find the status of each Virtual Path and its own IPsec
tunnel status.
11. Navigating to the Monitoring > Statistics page and selecting IPsec Tunnel from the
Show dropdown will display further detailed statistics about each IPsec tunnel, which will
include the Name, State, Packets Received, Packets Sent, etc
Exercise Summary
In this exercise, we introduced the ability to enable IPsec protection of data on the Virtual Paths.
citrix.com
150
Exercise 15: Introduction to CloudBridge 9.0 Path State
Sensitivity Control
Overview

Enable Path State Sensitivity Control for known high loss WAN links
DC_CB_vWAN
citrix.com
151
Step Action
configuration file.
citrix.com
152
3. Under the Connections section, navigate to the Autopath Groups > Default_Group
node and click the pen icon to edit the Default_Group.
Here you will encounter the following options for Bad Loss Sensitive.
Bad Loss Sensitive is enabled by default, which allows the system to mark Paths as
BAD due to high loss and will incur a Path scoring penalty when compared to other
paths. There is an option to disable Bad Loss Sensitive, which may be useful when a
WAN Link is inherently poor quality and the loss of packets is expected, allowing the
system to continue using the WAN Path even in high loss conditions (i.e. skip the BAD
state). The last option is Custom, which is a new 9.0 feature, which allows Path state
sensitivity control.
Select Custom from the Bad Loss Sensitive dropdown.
citrix.com
153
Step Action
citrix.com
154
4. There are additional parameters available in Default_Group that controls Path state
behavior:
Silence Period: Specify silence duration before a Path state transitions from
GOOD to BAD. When not specified, the default is 150ms.
Path Probation Period: Specify the wait time, or Path Probation Period, before
a Path transitions from BAD to GOOD. The default is 10 seconds.
Instability Sensitive: If enabled, latency penalties due to the Path being in a
BAD state and other latency spikes are considered in the Path scoring algorithm.
With Custom option being selected, users can further control the sensitivity with BAD
state % loss sensitivity within a timeframe, set the following for this exercise:
Percent Loss: 20
Over Time: 1000
Silence Period: 200
Path Probation Period: 10000
Instability Sensitive: enable
Click the Apply button when complete.
citrix.com
155
Step Action
5. Save As (e.g. Demo_Ex15).
citrix.com
156
Step Action
7. Make sure the latest config (e.g. Demo_Ex16) is in the Inbox, then run through the
Change Management process which you should already be familiar with from previous
exercises.
8. Once the configuration is pushed out, navigate to the WANem UI for the INET link to
initiate a high 50% loss on that link. Make sure to click Apply Settings.
If the browser has timed out, refresh the browser to make sure the settings have been
applied.
Make sure the WANem settings for the MPLS link are in a good state.
citrix.com
157
Step Action
9. To identify Reporting on the Path states, navigating to the Monitoring > Statistics
page, and select Paths (Advanced) from the View dropdown menu.
The Reason Column will provide detail as to path sate failure cause.
citrix.com
158
Step Action
10. Navigate to the Monitoring > Availability Reports for detailed time bound date for each
Path state, which includes such detail as total uptime, goodtime, badtime, or
downtime.
Exercise Summary
In this exercise, we introduced the ability to customize Path State sensitivity for known high loss
WAN links.
citrix.com
159
Exercise 16: Introduction to CloudBridge 9.0 MPLS
Queues
Overview

Enable MPLS QoS Queues to account for existing providers MPLS queues
DC_CB_vWAN
citrix.com
160
Step Action
configuration file.
citrix.com
161
Step Action
3. Under the Sites section, navigate to the existing DC_MPLS WAN link for the
DC_CB_vWAN node.
citrix.com
162
Step Action
4. Expand the Settings node, then expand the Basic Settings.
From the Access Type drop down, change Private Intranet to Private MPLS.
Enabling this for this particular WAN link, will allow customization of QoS queues within
an MPLS link and tagging of the outter UDP packet from CloudBridge, which can be
identified by MPLS providers to provide class of service.
citrix.com
163
Step Action
5. Click on Add to add one MPLS Queues.
Populate with the following.
MPLS Queue Name: VoIP_Queue
DSCP tag: ef
LAN to WAN Permitted Rate (kbps): 500
WAN to LAN Permitted Rate (kbps): 500
citrix.com
164
Step Action
6. Click on Add to add another MPLS Queues.
Populate with the following.
MPLS Queue Name: Default_Queue
DSCP tag: af11
Unmatched: enable
LAN to WAN Permitted Rate (kbps): 1000
WAN to LAN Permitted Rate (kbps): 1000

Having the Unmatched option ticked will allow DSCP tags not matched by other MPLS
queues will use this queue. Click Apply to save the changes.
citrix.com
165
Step Action
7. In the Configuration Editor navigate to the Remote_MPLS WAN link for the
Remote_CB_vWAN node, and change the Remote_MPLS WAN link as Private MPLS
then create the same MPLS Queues with unique names.
citrix.com
166
Step Action
8. After Applying the new settings, under Connections navigate to DC_CB_vWAN >
Virtual Paths > DC_CB-vWAN-Remote_CB_vWAN > Paths.
The Paths we had configured initially between the MPLS links are no longer there. We
need to rebuild theses paths to reflect our desired MPLS queue paths.
citrix.com
167
Step Action
9. In Paths node, click the plus icon (+) to add a path, and select VoIP_Queue for
DC_CB_vWAN site to R_VoIP_Queue for the Remote_CB_vWAN site. Reverse Also
should be enabled. Then click Add.
10. Perform the same operation, this time matching the Default_Queues.
citrix.com
168
Step Action
11. When complete, you should have 6 total WAN paths (which includes ingress and
egress), built using two WAN links (MPLS and INET), with MPLS being utilized as two
separate WAN link queues (ef, and default).
12. Save As (e.g. Demo_Ex16).
citrix.com
169
Step Action
14. Make sure the latest Configuration (e.g. Demo_Ex17) is in the Inbox, then run through
the Change Management process which you should already be familiar with from
previous exercises.
citrix.com
170
Step Action
15. Navigate to the Monitoring > Statistics and select MPLS Queues from the Statistics
Show drop down for detailed path usage for each MPLS queue.
Exercise Summary
In this exercise, we introduced the ability to customize Path State sensitivity for known high loss
WAN links.
citrix.com
171
Lab Guide Appendix
citrix.com
172
Appendix A: Additional Resources and Information
Lab Infrastructure Diagram (PDF): https://citrix.sharefile.com/d-s0042c4e9b1d4acc9

CloudBridge Virtual WAN PBR Mode Deployment Steps: CTX201577
CloudBridge Virtual WAN Gateway Mode Deployment Steps: CTX201576
Path Dead on a Newly Installed WAN Link: CTX201618
Path Continuously Flipping between Good/Bad/Dead: CTX201619
citrix.com
173
Authors
The following authors contributed to the creation of this deliverable.
Citrix
Christopher Rudolph Shoaib Yusuf
851 W. Cypress Creek Rd. 4988 Great America Pkwy
Ft. Lauderdale, FL 33073 Santa Clara, CA 95054
Phone: (954) 267-3076 Phone: (408) 790-8392
christopher.rudolph@citrix.com shoaib.yusuf@citrix.com
Revision History
Revision Change Description Updated By Date

1.0 Original Shoaib Yusuf May 2016
citrix.com
174
Corporate Headquarters India Development Center
Fort Lauderdale, FL, USA Bangalore, India
Latin America Headquarters
Silicon Valley Headquarters Online Division Headquarters Coral Gables, FL, USA
Santa Clara, CA, USA Santa Barbara, CA, USA
UK Development Center
EMEA Headquarters Chalfont, United Kingdom
Schaffhausen, Switzerland Pacific Headquarters
Hong Kong, China
About Citrix
Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new
ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps,
desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler
and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100
million users globally. Learn more at www.citrix.com.
Copyright 2014 Citrix Systems, Inc. All rights reserved. [list Citrix trademarks (without or symbols!) in document] are trademarks of Citrix Systems, Inc.
and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be
trademarks of their respective companies.
citrix.com
175

Synergy2016 - Citrix NetScaler SD-WAN

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Synergy2016 - Citrix NetScaler SD-WAN

Загружено:

Авторское право:

Доступные форматы

SYN620: Citrix CloudBridge SD-WAN

Citrix Synergy 2016

Citrix Internal Sales Engineers

Lab Guide Conventions

Special note to offer advice or background information

Start Bold text indicates reference to a button or object

Focuses attention on a particular part of the screen (R:255 G:20 B:147)

Shows where to click or select an item on a screenshot (R:255 G:102 B:0)

AD.training.lab 172.16.10.20 192.168.10.11 Domain Controller, DNS

Remote_MPLS_Router 172.17.30.1 Vyatta Router

Training\Administrator Citrix123 Domain Administrator

WAN Optimization Solution

1. Create the desired network topology

In this exercise you will:

Estimated time to complete this exercise: 30 Minutes

Virtual Machines Required for this Exercise

3. Right click on the devcompute-001.ondemand.vtc node, and select Connect.

11. Then, navigate to System Maintenance > Date/Time Settings.

Then click OK to confirm the switch to the MCN Console.

Then, navigate to Virtual WAN > Configuration Editor.

22. First create a new configuration file by clicking New.

Do not click Apply yet.

Again, please reference the topology for IP address information.

63. Repeat this process for the 172.16.12.0 network.

In this exercise you will:

Estimated time to complete this exercise: 20 Minutes

Virtual Machines Required for this Exercise

8. Type Remote_MPLS in the Name field and then click Apply.

38. Next, expand the Access Interfaces node.

In this exercise you will:

Estimated time to complete this exercise: 15 Minutes

Virtual Machines Required for this Exercise

2. Expand the Remote_CB_vWAN node.

3. Then expand the Virtual Paths node.

5. Finally, expand the Paths node.

8. The Paths node should look like this:

In this exercise you will:

Estimated time to complete this exercise: 15 Minutes

Virtual Machines Required for this Exercise

12. A progress bar will appear showing the transfer progress.

18. The appliance activates inside of a 120 second clock.

You will be returned to the Dashboard screen.

20. Now we can enable the Virtual WAN Service.

22. Click the Enable button.

23. Click OK to confirm enabling the service.

Make note that the Remote_CB_vWAN-Appliance is listed as Not Connected. The

In this exercise you will:

Enable the Virtual WAN Service on the Remote CloudBridge appliances

Estimated time to complete this exercise: 15 Minutes

Virtual Machines Required for this Exercise

5. Log in with admin/password credentials.

11. Click Next, after the Upload is complete

14. The appliance activates inside of a 120 second clock.

You will be returned to the Dashboard screen.

16. Now we can enable the Virtual WAN service.

18. Click the Enable button.

19. Click OK to confirm enabling the service.

The WANem virtual machines were not started from XenCenter

In this exercise you will:

Estimated time to complete this exercise: 15 Minutes

Virtual Machines Required for this Exercise

DC_CB_vWAN Remote_Client iPerf

8. Then click on New_Application to rename it to VideoServer.

Click the Apply button to save the new custom rule.