Topic: WanOS for Citrix

shishirgarde

WanOS for Citrix
« on: March 16, 2016, 08:31:25 AM »
Hi All,

We wanted to try a POC for WanOS to see if it helps with our Citrix XenApp deployment across a WAN link. We currently have the datacenter in Australia and around 100 users connecting to it from our Indian office. We get a latency of around 250 ms with approximately 0.5%-1% packet drops. This really kills the Citrix session at times and we have been looking at TCP optimization solutions. We use the public internet as of now to connect to the Citrix Netscaler using port 443, and then the Netscaler lets us connect to the published applications through it. I am a bit confused about how to deploy the WanOS devices in our network. My first question is: do the two WanOS devices need to communicate with each other or see each other (through a VPN tunnel or something)?
Maybe the next point is that all our datacenter network is virtualized except for our Fortinet Firewall, which also NATs the public IP to a private IP in different VLANs. Also, the branch office just has a Cisco RV042 router with unmanaged switches. As I have seen multiple times on the site, I should not connect to the same network to avoid a loop, so how and where do I really deploy it? I am sorry, I am a noob when it comes to networking.

I am attaching our network diagram that I drew for the reference.

ahenning

  • Team Wanos
  • Administrator
Re: WanOS for Citrix
« Reply #1 on: March 16, 2016, 11:30:14 AM »
Hi,

Ok, the packet loss recovery might be able to help and is worth a try in this scenario.

The Wanos devices do not need to have a Tunnel/VPN between them. They will optimize transparently as long as the traffic flows through both devices. I assume there is already a tunnel between the Cisco and Fortinet to channel traffic from the one site to the other, hence all that would be required is to place Wanos between the unmanaged switch and the Cisco and on the other side, between the firewall and the netscaler.

Not sure if this completely answers the questions, but please let me know if more info is required.
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

shishirgarde

Re: WanOS for Citrix
« Reply #2 on: March 17, 2016, 04:38:40 AM »
Thank you for the reply. To add a few points to your post:

1) We do not have any VPN tunnel between the Cisco and the Fortinet. There is a public IP assigned to the Netscaler, which encrypts the traffic between the end client and the Citrix servers. That is the sort of tunnel that is formed through the Netscaler virtual appliance.
2) Related to above, will WanOS be able to optimize the encrypted traffic? Or does it need unencrypted traffic to optimize?

We are just trying a POC as of now to see if this suits our requirements and do not wish to invest in the devices yet. Thus the POC would primarily happen on the WanOS virtual appliance. That is where the confusion starts.

On the branch side, I have a machine where I have installed ESXi and have imported the WanOS OVA. Now this machine has a single NIC (I can make it 2 easily if required). As per the instructions, I should not have the same network on the WAN and LAN ports of the appliance. But I do not have any other network. Does it mean that if I have a second NIC, then I can plug in a cable coming from my router in the WAN port and another cable from the LAN port going to the unmanaged switches (both on the same LAN network of 192.168.x.x)?

On the datacenter side, the Fortigate is the physical appliance from where the VLAN tagging starts. Now if we want only traffic from the Netscaler to be optimized instead of the whole internet traffic, how and where do we place the virtual appliance in that case? Here is how the traffic flows with IP addresses:

End Client (192.168.x.x) >> Cisco Router (14.141.x.x) >> Internet >> Fortigate (Netscaler's public facing IP 203.x.x.x) >> Netscaler (VLAN 100 with NAT IP 10.100.x.x) >> HOP Network (10.101.x.x) >> Citrix Machines (VLAN 305 with IP 10.105.x.x).

I am sorry if I am confusing you and thanks a lot for your help.
 

ahenning

  • Team Wanos
  • Administrator
Re: WanOS for Citrix
« Reply #3 on: March 17, 2016, 10:50:31 AM »
On the unmanaged switch side, two physical NICs on two different vSwitches would be needed. This is since VLANs are probably not an option on these switches.

On the datacenter side, I think you would be able to use different port groups for the lan0 and wan0 side and place them in different VLANs. E.g. wan0 vlan 101 (fortinet) and lan0 vlan 100 (netscaler).

For most features like stream compression and byte-cache, unencrypted traffic is needed. If the netscaler protocol runs over HTTPS (port 443) then we can remove HTTPS from the default bypass group. While there will be no compression ratios, we can still apply the Packet Loss Recovery to see if it can fix some of the issues.

Regarding the public address, that is fine, it will work as long as it's not a dynamic public address and requires some DynDNS solution to resolve. Static public addresses are fine. NAT rules on the firewall may need to be updated and UDP Encap would probably be needed to make everything work.
CCIE RS, CCIE SP, Mnet&sys
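
An added example, not part of the reply above and not Wanos code: it measures why stream compression and a byte-cache gain nothing on traffic that is already encrypted, such as the Netscaler sessions on port 443. The SHA-256 counter keystream is a toy stand-in for TLS, and the payload, session keys, fixed 256-byte chunking and function names are all assumptions made for the sketch.

```python
import hashlib
import zlib

CHUNK = 256  # byte-cache chunk size used in this sketch (assumption)

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream: a stand-in for TLS, not real TLS."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def compression_ratio(data: bytes) -> float:
    """Compressed size / original size; close to 1.0 means nothing was saved."""
    return len(zlib.compress(data, 6)) / len(data)

def chunk_ids(data: bytes) -> list:
    """Fingerprint each fixed-size chunk, as a deduplicating cache would."""
    return [hashlib.sha256(data[i:i + CHUNK]).digest()
            for i in range(0, len(data), CHUNK)]

def cache_hit_rate(first: bytes, second: bytes) -> float:
    """Share of chunks in the second transfer already seen in the first."""
    seen = set(chunk_ids(first))
    ids = chunk_ids(second)
    return sum(1 for c in ids if c in seen) / len(ids)

def measure() -> dict:
    # Constructed sample: the same application payload sent in two sessions.
    payload = b"".join(b"row %05d status=OK owner=finance-team\n" % (i % 400)
                       for i in range(4000))
    enc1 = toy_encrypt(payload, b"session-key-1")  # each session gets its own key
    enc2 = toy_encrypt(payload, b"session-key-2")
    return {
        "plain_ratio": compression_ratio(payload),
        "encrypted_ratio": compression_ratio(enc1),
        "plain_cache_hits": cache_hit_rate(payload, payload),
        "encrypted_cache_hits": cache_hit_rate(enc1, enc2),
    }

if __name__ == "__main__":
    for name, value in measure().items():
        print(f"{name}: {value:.3f}")
```

Packet loss recovery works on packets rather than payload content, which is why it is the one feature the reply still expects to help with the encrypted sessions.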

shishirgarde

Re: WanOS for Citrix
« Reply #4 on: March 21, 2016, 05:20:59 AM »
Hi Antonie,

Right now we are trying to configure a simple POC to see how it goes. Here is the setup:

PC1 >> WANOS (Router mode) >> Router >> IPSec VPN Tunnel >> Router >> WANOS(Bridge Mode) >> PC2

We are able to ping the PCs and RDP to them. However, the peer status on both ends still shows as Down. Is there anything else that we need to configure? Like Multisite or anything?

I have gone through the forums and the wan and lan links are not swapped. I have also added the source to destination rules on both the ends. Have also changed the encapsulation to UDP.

Please suggest.

shishirgarde

Re: WanOS for Citrix
« Reply #5 on: March 21, 2016, 06:28:45 AM »
Just to add, we get these logs on both ends.

[Mon Mar 21 10:26:36 2016] : Routine : Initializing Startup Scripts
Routine : Check Configs
Routine : Updating Configuration
[Mon Mar 21 10:26:36 2016] : Routine : Check Configs
[Mon Mar 21 10:26:36 2016] : Routine : Updating Configuration
Routine : Initializing Wanos Click
[Mon Mar 21 10:26:36 2016] : Routine : Initializing Wanos Click
[Mon Mar 21 10:26:36 2016] : WRTT size: 8
[Mon Mar 21 10:26:36 2016] : wanos.click:30: While configuring 'RadixIPLookup@29 :: RadixIPLookup':
[Mon Mar 21 10:26:36 2016] :   warning: 1 route replaced by later versions
[Mon Mar 21 10:26:36 2016] : wanos.click:28: While initializing 'fd0 :: FromDevice':
[Mon Mar 21 10:26:36 2016] :   warning: wan0: no IPv4 address assigned
[Mon Mar 21 10:26:36 2016] : hard setting force
[Mon Mar 21 10:27:24 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 10:27:24 2016] : hard setting force
[Mon Mar 21 10:32:11 2016] : comp0 WComp Info - Setting force stateless.
Routine : Initializing Startup Scripts
[Mon Mar 21 10:32:11 2016] : Routine : Initializing Startup Scripts
Routine : Check Configs
[Mon Mar 21 10:32:11 2016] : Routine : Check Configs
Routine : Updating Configuration
[Mon Mar 21 10:32:11 2016] : Routine : Updating Configuration
Routine : Initializing Wanos Click
[Mon Mar 21 10:32:11 2016] : Routine : Initializing Wanos Click
[Mon Mar 21 10:32:11 2016] : WRTT size: 8
[Mon Mar 21 10:32:11 2016] : wanos.click:30: While configuring 'RadixIPLookup@29 :: RadixIPLookup':
[Mon Mar 21 10:32:11 2016] :   warning: 1 route replaced by later versions
[Mon Mar 21 10:32:11 2016] : wanos.click:28: While initializing 'fd0 :: FromDevice':
[Mon Mar 21 10:32:11 2016] :   warning: wan0: no IPv4 address assigned
[Mon Mar 21 10:32:11 2016] : hard setting force
[Mon Mar 21 10:32:59 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 10:32:59 2016] : hard setting force
[Mon Mar 21 10:42:11 2016] : hard setting force
[Mon Mar 21 10:42:59 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 10:42:59 2016] : hard setting force
[Mon Mar 21 10:52:11 2016] : hard setting force
[Mon Mar 21 10:52:59 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 10:52:59 2016] : hard setting force
[Mon Mar 21 11:02:11 2016] : hard setting force
[Mon Mar 21 11:03:00 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 11:03:00 2016] : hard setting force
[Mon Mar 21 11:12:11 2016] : hard setting force
[Mon Mar 21 11:13:00 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 11:13:00 2016] : hard setting force
[Mon Mar 21 11:22:11 2016] : hard setting force
[Mon Mar 21 11:22:58 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 11:22:58 2016] : hard setting force
[Mon Mar 21 11:32:11 2016] : hard setting force
[Mon Mar 21 11:32:58 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 11:32:58 2016] : hard setting force
[Mon Mar 21 11:42:11 2016] : hard setting force
[Mon Mar 21 11:42:58 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 11:42:58 2016] : hard setting force
[Mon Mar 21 11:52:11 2016] : hard setting force
[Mon Mar 21 11:52:59 2016] : Warn : rsp_peer0 maximum retransmits reached, changing mode to server.
[Mon Mar 21 11:52:59 2016] : hard setting force

mhaigh

Re: WanOS for Citrix
« Reply #6 on: March 09, 2018, 07:30:33 AM »
Hi ... could you let me know how you got on with this? We have just implemented WANOS for our UK/USA link, and have similar issues with our Citrix with UK/India, so would really appreciate any feedback. Many thanks.