2025-04-07 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
The Past and Present of NetScaler SDWAN
First of all, people who know Citrix know that there are two products in Citrix's network product line: the ADC application delivery platform, NetScaler, and a WAN optimization product whose name has changed frequently, from WANScaler to Repeater to CloudBridge to the NetScaler SDWAN platform. Many people may wonder whether Citrix has a "renaming department" that spends all its time on this product. In fact, the name changes so often precisely because new technologies and features are added to the Citrix WAN optimization product every year. To better meet the needs of the market, our concept and the technology behind it keep making progress and keeping pace with the times.
Think back more than a decade, to when the private-line bandwidth of most enterprises was still in the 2M-10M range. On the one hand, bandwidth was very precious; on the other hand, enterprises did not carry many applications over the WAN: ERP, OA and mail services, for example. Videoconferencing and VoIP were only just emerging. The first problem users needed to solve was applications competing for bandwidth. You may remember that in 2003, during the two months when SARS raged in mainland China, many companies had to ban all their employees from moving around. Yes, ban movement, because at that time the movement of people increased the risk of contracting SARS, and many office buildings had to be closed so the whole building could be disinfected. That was when people thought of collaborative work across the WAN. However, during that time and for a long time afterwards, people found that once an application left the LAN for the WAN, it stood for "unreliable" and "impossible". First, you did not know which applications were on your WAN, which were related to your business and which were not (such as BT and Xunlei (Thunder) downloads or watching movies online, which consume your valuable bandwidth). Second, you did not know how to guarantee the transmission quality of these applications over the WAN. Those were the two problems that needed solving at the time, and QoS bandwidth management came into being to solve them. It arrived just in time.
Bandwidth management (a slightly different Chinese term is used in Taiwan and Hong Kong) has, simply put, two problems to solve. First, it needs to know exactly which applications are being transmitted over the WAN. This technology is now standardized as DPI (Deep Packet Inspection): after packets have passed through the device several times, the detection engine can determine what kind of application it is from its application signature library. It then analyzes the number of connections, bandwidth utilization and delay for that application, and the bandwidth management policy is configured from the charts these analyses produce. Put simply, the cycle is: classify the application, analyze, set policy, report. This method worked well at the time, so much so that it is still one of the tools enterprise network managers use most often.
But it also has its limitations.
Limitation one: it can only control outbound traffic, not inbound traffic. This is easy to explain. Say there are about 10 people in a conference room and the meeting has just ended. Everyone has to leave, so who leaves first depends on who has the higher priority. QoS bandwidth management ranks who leaves first and who leaves later according to the priority of the application. Here is where the problem arises. Suppose 10 of us are leaving after a meeting, but the next meeting is about to begin and 30 people are waiting outside to come in. Unfortunately, a bandwidth management device can basically only manage the people going out, not those coming in. As a result, everyone is blocked at the door of the conference room. Although I prioritized the 10 people leaving, I cannot control who waits outside. Nor can I sort those 30 people downstairs, in the subway or in the elevator hall to decide who comes first and who comes later.
Limitation two: assume that everyone in the meeting represents an application transmitted over the WAN. The company's conference room can hold more than 100 people, but the door lets only one person through at a time (large LAN bandwidth, small WAN bandwidth). So how do you set the priority? In the real world, can you say that VoIP quality should be degraded in order to protect video conferencing? Can you forbid all employees from making calls with Skype for Business (Lync) while the company is holding a Polycom video conference? For some special state institutions, can you keep your employees off the Internet at monthly closing or tax filing time?
Obviously, these two points hindered the further development of QoS, so we seldom see specialist QoS vendors surviving in this market on their own. Instead, we see router and firewall vendors integrating QoS as a feature of their existing products.
WAN optimization products: born out of nowhere. The Chinese market first woke up to WAN optimization products around 2005. By that time, bandwidth management had hit its bottleneck. A WAN optimization product deploys the same compression dictionary on both sides, compresses the data sent to the WAN, and decompresses it at the receiver on the other side. If the data can be compressed to 1/10 of its original size, does that mean the WAN bandwidth has virtually increased tenfold? The reports presented by almost every WAN optimization vendor include this kind of WAN performance chart to show the benefits users can get from so-and-so's WAN optimization equipment.
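The shared-dictionary mechanism described above can be sketched as follows. This is an added example, not code from the article or from any vendor: the `DedupPeer` class, the 256-byte fixed chunk size, the SHA-256 references and the sample payloads are all assumptions made for illustration. It also goes one step beyond the paragraph by sending a high-entropy payload (what encrypted traffic looks like to the appliance) and by showing what happens when the two dictionaries are out of sync.

```python
import hashlib

CHUNK = 256  # bytes per chunk (assumption; real appliances choose their own chunking)


class DedupPeer:
    """One side of a paired appliance; both sides build the same dictionary."""

    def __init__(self):
        self.dictionary = {}  # SHA-256 digest -> chunk bytes

    def encode(self, data):
        """Sender: replace chunks already in the dictionary with a 32-byte reference."""
        tokens = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.dictionary:
                tokens.append(("ref", digest))
            else:
                self.dictionary[digest] = chunk  # learn it for next time
                tokens.append(("raw", chunk))
        return tokens

    def decode(self, tokens):
        """Receiver: learn raw chunks, expand references, refuse unknown references."""
        out = bytearray()
        for kind, value in tokens:
            if kind == "raw":
                self.dictionary[hashlib.sha256(value).digest()] = value
                out += value
            elif value in self.dictionary:
                out += self.dictionary[value]
            else:
                raise KeyError("reference to a chunk this side never saw")
        return bytes(out)


def wire_size(tokens):
    """Bytes on the WAN: a 1-byte tag plus either the chunk or the 32-byte digest."""
    return sum(1 + len(value) for _, value in tokens)


# Constructed sample data: 16 distinct 256-byte records (4096 bytes), and 4096
# bytes of hash output standing in for an encrypted, non-repeating payload.
DOCUMENT = b"".join(("record %04d " % i).encode().ljust(CHUNK, b".") for i in range(16))
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))


def run_demo():
    """Send the document twice, then the high-entropy payload; return WAN bytes used."""
    sender, receiver = DedupPeer(), DedupPeer()
    sizes = {}
    for label, data in (("first", DOCUMENT), ("repeat", DOCUMENT),
                        ("high_entropy", HIGH_ENTROPY)):
        tokens = sender.encode(data)
        if receiver.decode(tokens) != data:
            raise ValueError("receiver reconstructed different bytes")
        sizes[label] = wire_size(tokens)
    return sizes


if __name__ == "__main__":
    print(run_demo())
```

Only the repeated transfer shrinks; the first pass and the high-entropy payload each cost slightly more than sending the 4096 bytes unmodified, because every chunk still travels in full plus its tag.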
As a result, WAN optimization products sold very well in the five years from 2005 to 2010. Enterprise users no longer seemed to be held hostage by the carriers' high private-line costs. We only needed to invest a limited amount of Capex (fixed cost expenditure) to save unlimited Opex (operating costs).
The result: the ideal was rosy, the reality was cruel.
1: Limited optimization of TCP applications. We know that TCP applications are inefficient over the WAN because they need a three-way handshake. There is no way around it: TCP is a "pessimist" that does not trust the state of the other end, so each session needs three-way handshake verification before it can transmit. The three-way handshake that establishes the connection crosses the high-latency WAN every time. Distance produces beauty, and distance also produces delay. If a packet is lost during transmission, then the entire session has to be retransmitted. Therefore, when users use ordinary-quality WAN links (such as cable Internet or xDSL), the WAN bandwidth is often occupied by retransmitted packets. To put it bluntly, the WAN optimization device is a transparent proxy for the TCP protocol. It first establishes efficient TCP connections between the two WAN devices. To be clear, some partners said on first hearing this principle that it sounds very similar to NetScaler ADC connection reuse. That is a misunderstanding, because these devices only proxy the connection; they do not reuse it. (NetScaler's connection multiplexing is patented.) So the actual number of connections each WAN optimization device carries has to be multiplied by 2. This is why we care so much about the number of connections in the user's environment when we size WAN optimization devices for users. All right, back to the TCP connection proxy. Some of you may be about to ask: what about UDP? UDP is a transport "optimist" that simply finds out the other side's IP address and throws things over. Quite right: for most UDP protocols, WAN optimization equipment really has no good answer. In one word: passthrough. It does no optimization at all. And we know that most enterprise video systems are transmitted over UDP.
2: Not all applications can be compressed, and compression causes delay. The default optimization method of a WAN optimization device is compression, which evolved from deduplication in the field of storage technology. (Interestingly, I found that many manufacturers of WAN optimization devices seldom mention this technology before the sale, for fear that users will worry about data integrity, especially when chatting with users in the financial industry.) For real-time applications it does not seem to have much effect, and may even do harm. I came across a customer whose WAN optimization device claimed to be able to optimize the Citrix ICA protocol. As a result, as soon as users turned on the ICA optimization function after purchase, access was not optimized but actually slowed down, and the user experience was very bad. It is a real headache for them that they bought so much equipment and it is now discarded. And recently I have heard a lot of voices: there are indeed many users who, after buying so-and-so brand of WAN optimization equipment, stopped using it one or two years later because there were too many follow-up problems. The manufacturer cannot be blamed for this. After all, the number of applications users carry over the WAN increases every year, and not every application can adapt to the model of first hijacking the TCP connection, then compressing the data, and then proxying the transmission.
3: Cloud architecture leaves many WAN optimization solutions with nowhere to start.
Nowadays, not all users need a data center to publish enterprise applications, and users do not have to put all their applications in their own data center. IaaS, PaaS and SaaS in cloud computing let them build and publish applications at different levels. This is a very good choice for users, but for traditional WAN optimization vendors it brings a new problem, because every one of them needs at least two devices deployed as a pair to build its solution. That may be fine in IaaS, but it is troublesome in SaaS. For example, how do you optimize transmission for Microsoft O365 users? You do not know where the O365 servers are, not to mention the difference between the international version and the China version operated by 21Vianet. You all know that Citrix Cloud is stepping up its landing on Microsoft's Azure. Suppose you are a third-party WAN optimization vendor: can you determine where their applications are?
4: It is difficult for an ordinary WAN optimization vendor to build its own application optimization ecosystem.
Talking about an ecosystem may sound a bit far-fetched, but in the actual use of WAN optimization equipment you really need one. For example, if you cannot identify the 32 subchannels of the Citrix ICA protocol, it will be difficult to optimize ICA effectively, even though it is wrapped in the standard TCP protocol stack. By the same token, if you cannot work effectively with a business application company, you cannot optimize the data flow at the application layer. A crude compression dictionary works at the byte level, so this kind of optimization will be counterproductive. This has just been described, so I won't repeat it here.
Well, all of the above is just to illustrate one thing: the traditional peer-to-peer optimization solution seems to be coming to an end. The following is a WOC (WAN Optimization Controller) market analysis. The market has hardly grown. Otherwise the leading manufacturer in this market, Riverbed, would not have been delisted after a private equity acquisition. Blue Coat, another manufacturer, changed hands several times, sank step by step and was finally acquired by Symantec, although the price of 4.8 billion US dollars was still slightly out of line with the experts' predictions.
As you can see, this is a downward curve, not a growth curve.
All right, next we are going to start talking about SDWAN. SDWAN, as its name implies, is Software-Defined WAN: a software-defined wide area network. People who hear the name for the first time probably fall into two categories. The first is probably numb from the bombardment of "software-defined" everything over the past two years: software-defined storage (SDS), software-defined network (SDN), software-defined data center (sorry, I haven't really studied what abbreviation this is). So, a software-defined wide area network? Fine, bring it on. The second category may think that this must be a gimmick, or maybe that it is just SDN.
Here I would like to say that the SDWAN launched by Citrix is certainly not simply a new name for the original product line. The change comes from a new model of technical implementation. More specifically, market demand is driving new technology.
Here we use two pictures to illustrate the problem. First, in many enterprises, the cost of dedicated WAN lines has always been the biggest item.
In addition to the high cost of expanding MPLS lines, there is another problem: in most areas, if a corporate customer asks to add, modify or migrate MPLS lines, it takes an average of 90 days. That figure is a bit outrageous in today's IT environment, because the life cycle of some micro-applications may already be shorter than that. In other words, the app may be retired in less than 90 days.
Another observation is that, compared with the high cost of dedicated lines, ordinary Internet access is very cheap.
Well, as we all know, there will be more and more applications on the WAN in the future: traditional enterprise applications, video, large file transfers, special protocols, encrypted access, mobile apps, cloud, SaaS and so on. They bother enterprise IT managers every day. Because of the problems left over by traditional WAN optimization equipment, there seems to be no option but to expand the dedicated line. However, a cloud architecture cannot be served simply by expanding the dedicated line. I met an IT manager of a foreign company who mentioned that they were recently tendering for a project of 100 firewalls. I thought that was a little strange, because previously the Internet traffic of all their branch offices had to pass through the security equipment of the data center and then reach the Internet through a unified exit. He said there was really no other way: the enterprise is using more and more SaaS applications, many departments really need a lot of Internet access, and the original dedicated-line bandwidth is stretched too thin. It is not that they had not considered WOC WAN optimization equipment before. However, they found that the problems it could solve were solved, and those it could not solve remained unsolved. After considering the ROI, they decided to give up. No matter how much they spent upgrading the dedicated-line bandwidth, the ROI was not high. In the end there was nothing for it but to put the firewall project out to tender, although this will seriously undermine the security of the overall architecture they had designed, because a lot of traffic will leave directly from the branches without security monitoring.
Okay, so in response to this situation, we put forward the first technical concept of SDWAN: the hybrid WAN model. WAN lines of different types and qualities, such as dedicated lines, Internet and 4G, can be mixed together. Citrix calls this function Virtual WAN: one virtual link binds all the physical links. As just mentioned, Internet lines are really cheap, so this increases bandwidth, which is not bad. But the quality of the lines is uneven. MPLS quality is the best. The delay of an ordinary Internet line may be the same as that of a leased line, but its packet loss rate is very high. So this is not as simple as bonding the lines together. How do we make sure every line delivers the same transmission quality? There is an old saying that three cobblers together are a match for Zhuge Liang. Fortunately, NetScaler SDWAN does exactly this.
As with WAN optimization, we deploy a pair of Citrix NetScaler SDWAN devices, one at the sender and one at the receiver, across the WAN. But here we are managing 3 Internet lines of different transmission quality. Suppose we bundle three 10M Internet lines together to form one virtual bandwidth. These lines do lose packets, but what is interesting is how the three lines carry application data.
Example 1: while transmitting over Line 1, Application A loses a packet. The SDWAN receiver quickly detects the loss and immediately asks for the lost packet to be sent again. At that moment it finds that Line 2 has the best quality, so the lost packet is quickly retransmitted over Line 2, and the session as a whole carries on in an orderly way. Keep in mind that NetScaler SDWAN makes its decisions and optimizations per packet. It has nothing to do with whether you use TCP or UDP. In other words, users' applications are optimized by this mechanism whether they use TCP or UDP. Some users will also ask: how is this different from the traditional link load balancing we knew before? Link load balancing works per session, so when the session breaks you need to re-initiate the connection request. NetScaler SDWAN does not need that. Previously, packet loss caused the whole session to be retransmitted, but with NetScaler SDWAN it does not matter at all. These small changes do not interrupt the session, and throughout the session NetScaler SDWAN dynamically decides which packet of the session takes which link. Multiple links can also carry a single session.
Example 2: the user's Application B is a video system that needs real-time transmission. Users do not want jitter, "mosaic" artifacts and the like. We can then have this video conference's traffic replicated over two or more lines at the same time. When the receiving NetScaler SDWAN gets the earliest copy of a packet, any later packet with the same sequence number is discarded. Suppose a packet of Application B arrives first on Internet Line 1; the same packet received on Internet Line 2 is then discarded. But the next packet may arrive first on Line 2, so the copy from Line 1 is discarded. The NetScaler SDWAN device at the receiving end reassembles the packets it has received, in order, into the data stream. In this way, the more links you transmit over, the better your transmission quality will be.
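A minimal model of the replicate-and-discard behaviour in Example 2, as an added example that is not Citrix code and does not reproduce the product's actual protocol. The `Receiver` class, the `transmit` helper, the link names, the per-packet delays and the loss pattern are constructed for illustration; the receiver keeps the first copy of each sequence number, drops later copies, and releases packets in order.

```python
from dataclasses import dataclass, field


@dataclass
class Receiver:
    """Receiving appliance: first copy of a sequence number wins, later copies are dropped."""
    next_seq: int = 0                               # next sequence number to release
    pending: dict = field(default_factory=dict)     # seq -> payload, waiting for a gap to fill
    delivered: list = field(default_factory=list)   # payloads handed to the application, in order
    won_by: dict = field(default_factory=dict)      # seq -> link whose copy arrived first
    duplicates_dropped: int = 0

    def on_packet(self, link, seq, payload):
        if seq < self.next_seq or seq in self.pending:
            self.duplicates_dropped += 1            # a copy already arrived on another link
            return
        self.pending[seq] = payload
        self.won_by[seq] = link
        while self.next_seq in self.pending:        # release everything that is now contiguous
            self.delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1


def transmit(payloads, links, interval_ms=20):
    """Send every packet on every link and replay the arrivals in time order.

    links maps a link name to (per-packet one-way delay in ms, set of lost seqs).
    """
    events = []
    for name, (delays, lost) in links.items():
        for seq, payload in enumerate(payloads):
            if seq not in lost:
                arrival = seq * interval_ms + delays[seq]
                events.append((arrival, name, seq, payload))
    receiver = Receiver()
    for _, name, seq, payload in sorted(events):
        receiver.on_packet(name, seq, payload)
    return receiver


# Constructed sample: five video frames; line1 loses packet 2 and is slow for
# packet 3, line2 has higher delay and loses packet 4.
FRAMES = [b"frame-%d" % i for i in range(5)]
LINKS = {
    "line1": ([30, 30, 30, 90, 30], {2}),
    "line2": ([50, 50, 50, 40, 50], {4}),
}

if __name__ == "__main__":
    both = transmit(FRAMES, LINKS)
    single = transmit(FRAMES, {"line1": LINKS["line1"]})
    print("replicated:", both.delivered, both.won_by, both.duplicates_dropped)
    print("line1 only:", single.delivered, "stalled:", sorted(single.pending))
```

With both lines every frame is delivered and the winning link changes from packet to packet; with line1 alone the stream stalls behind the lost packet 2.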
So what is the effect? Here is a "Cut Technology" demo video that will shock you on the spot.
Http://player.youku.com/player.php/sid/XMTYyODQ1MTU0MA==/v.swf
Virtual WAN is not the only option in Citrix NetScaler SDWAN. As we have just said, when multiple applications compete for bandwidth you may still need QoS bandwidth management, and for TCP applications where the compression dictionary can play to its strengths, WAN optimization technology may work better: for example large file transfers over CIFS, FTP, HTTP and so on. One more thing: for Citrix's own ICA protocol, NetScaler SDWAN provides a Citrix on Citrix solution. To put it simply, "we are one family, we know each other": NetScaler SDWAN knows exactly what each ICA channel is transmitting and optimizes it accordingly.
Does the administrator need to know so much about the underlying technology? No. You don't need to know which link a packet takes. You don't need to modify the routing configuration of your existing routers. You don't even need to add firewalls. You just need to focus on your application: is it real-time? Interactive? A large file transfer? Its nature determines which optimization to provide: QoS? TCP connection optimization? Compression? Replicated transmission over virtual links? You just focus on your application and leave the rest to us. This is the advantage of software-defined network transmission: one management plane defines all the WAN optimization technologies.
That leaves the same question as before: how do you optimize applications in the cloud? Of course, the ecosystem comes up here again. Besides the peer-to-peer SDWAN that Citrix NetScaler SDWAN provides, there are many service providers (known in China as virtual operators) whose cloud connection management can, based on the application, get you to the cloud as quickly as possible. NetScaler SDWAN currently chooses Equinix to optimize cloud services.
You can see here that NetScaler SD-WAN has been integrated into the Equinix platform. When users need to connect to the public cloud services of AWS, Google and Azure, they are first connected to the Equinix location nearest to them, and Equinix then chooses the fastest path to the cloud based on the application.
Summary:
Having come this far, what do you think of Citrix NetScaler SDWAN now? I think you can look at it from many dimensions.
1: It is the next generation of network edge device. It supports all the current mainstream routing protocols (OSPF, BGP, ISIS), so it can be deployed in any edge network environment, and its Virtual WAN can intelligently bundle multiple physical lines and intelligently transmit packets over them.
2: It solves the limitations that WAN optimization equipment has been unable to solve for more than a decade.
3: It inherits all previous optimization technologies for WAN applications.
4: It puts security and WAN optimization on the same management plane for the first time. (We will introduce the firewall and SWG security gateway functions in the future.)
5: Citrix is actively building an ecosystem, and you should know that Equinix has many access locations in China. There is a lot of room for imagination in this kind of cooperation in the future.
So, happy selling Citrix NetScaler SDWAN... Enjoy your life.