Recently I had the opportunity to work on a Citrix SD-WAN deployment project for a customer in the manufacturing industry looking to replace their existing MPLS network with a variety & combination of ADSL, NBN & 4G technologies for several offices situated throughout Australia. The cost savings in replacing MPLS with SD-WAN was substantial with SD-WAN paying for itself within a short timeframe while enabling better control over both intra-office traffic and directly Internet (I’ll come back around to this later in the blog but once SD-WAN was deployed, users ended up with a far better experience using the Internet!).
Not coming from a networking background the learning curve for me was pretty steep but, with Citrix documentation, training & access to a lab, I had the chance to get to grips with SD-WAN & learn about more networking terminology before laying hands on our customer’s appliances. I have to say, once you get comfortable with the management interface deploying SD-WAN isn’t so tough.
We rolled out SD-WAN to offices and replaced the existing MPLS link with a combination of a minimum of two different links such as ADSL & 4G, two ADLS links and even multiple 4G links for those sites without access to ADSL or NBN. As soon as the remote appliance could communicate the Master Control Node in the data centre over the various links we yanked the MPLS cable and all traffic flowed via the SD-WAN tunnel without a hitch and with a very fast switching time (very impressive). As the offices now had direct access to the Internet instead of going via MPLS & out the data centre, we used the SD-WAN firewall feature to replace the firewall function provided within the DC and the user’s now had an Internet link with more bandwidth available – some sites went from a maximum of 10Mb on MPLS up to 90Mb on 4G (nice bonus).
We did experience a few issues during the deployment, resolved by upgrading to the latest firmware or engaging Citrix support (there were two firmware releases during the time we deployed these appliances). I did find the SD-WAN management interface easy to work with (once I became used to it) but one area that was a struggle to use was the firewall interface. Due to the amount of information displayed, I was constantly scrolling left and right when reviewing the ruleset and also for the live logs as the information couldn’t fit within a single screen (quite frustrating at times). Hopefully, this’ll improve with future updates.
On the whole, I like the SD-WAN product and was pretty impressed with the way it handles traffic across multiple links. We were testing the appliances by pulling out network links while users we’re going about their work (of course with the appropriately approved change control!) and they didn’t notice a thing, which is what SD-WAN is all about.
