While hanging out at the CloudGenix SD-WAN mixer in Las Vegas last week, one of the CloudGenix folks ran across someone looking for information on the Citrix SD-WAN solution, and routed them my way. The question was whether or not Citrix was worth considering. Is their SD-WAN offering competitive with other offerings on the market that come up more frequently, such as Viptela, Cisco IWAN, CloudGenix, Silver Peak, Velocloud, and Talari?
At that moment, I wasn’t sure. I’ve had so many SD-WAN related briefings and recorded so many podcasts on the topic, that sometimes brand distinctives blur in my mind. So, I went home and did a little homework to refresh my memory. Here’s what I found.
The short answer is that Citrix’s NetScaler SD-WAN offering appears to be the real deal based on both their data sheet description and product positioning per marketing videos and web literature. I would include the product in a bakeoff based on what I know of it right now.
The major features of Citrix NetScaler SD-WAN include:
- Treating multiple WAN circuits as a unified pool of bandwidth.
- Overcoming lossy circuits with duplicated traffic (useful for mission critical apps).
- Link quality monitoring to insure application traffic is delivered in accordance with a policy (related to, but not exactly like, QoS).
- Centralized reporting through their NetScaler Insight Center.
- Integrated WAN optimization. This is traditionally the play you might associate with Riverbed Steelhead – TCP optimization, de-dupe, compression, application-specific optimization. Silver Peak and Riverbed are the only other ones I know for a certainty that integrate WAN op into their SD-WAN product. Incidentally, it is these two that Citrix positions the NetScaler SD-WAN product against.
Things I could not tell from Citrix’s web or data sheet include:
- Big boy routing protocol capabilities. No mention of this, although there was an implication of inline or WCCP. Yuck. Sorry, not a fan of WCCP. In my opinion, WCCP ends up a complex and mostly pointless design for a device that’s supposed to be at the WAN edge. Good for you if WCCP makes you happy, but I’d rather have the option of BGP or OSPF. Real routing means I can create a flexible routing architecture that everyone understands and provides me an option with little control-plane CPU impact. WCCP is more of a gamble.
- Integration with public cloud SaaS. That said, the lineage of NetScaler SD-WAN is CloudBridge, which, if memory serves me, had a strong SaaS integration feature. So, I assume it’s actually there, even if I didn’t dredge it up trolling about the web site. There is an AWS edition which claims to help with both IaaS (makes sense) and SaaS, although it’s not clear to me how being about to stand up a NetScaler SD-WAN appliance in AWS is helpful for SaaS consumers. I suspect there’s a diagram somewhere that would clear that up for me.
- Ability to replace a WAN router. Everyone gets a little nervous to think of replacing their Cisco ISR WAN edge routers, but if you’re going SD-WAN and NOT going IWAN, then replacing that edge router with your SD-WAN appliance is a potentially logical step.
- Ability to use the appliance for branch-in-a-box. Kind of a big deal if you’re trying to simplify your WAN edge. There was mention of the WANOP edition (more on this below) allowing for a Windows Server instance, which is strangely specific.
- Scale. How many WAN endpoints in a NetScaler SD-WAN cloud? I don’t know, and this is something you really have to dig into when doing SD-WAN evaluations. Not all of these SD-WAN solutions are the same. For instance, I believe Talari is up to about 500 devices in their SD-WAN cloud now (plenty for most organizations) while Viptela is something > 2,000 in theirs (critical for those few organizations that have a WAN cloud with this many endpoints hanging off of it).
Appliances & Licensing
Citrix is making this product available via a variety of appliances and license levels. There are Standard (SD-WAN only), WANOP (WAN optimization), and Enterprise (SD-WAN plus WANOP combined into one appliance except in the data center, where you still need both appliances) editions. Implicitly then, you’re leveling up for specific features. The physical appliances are, as you might imagine, sized for throughput and connection count.
There is also a VPX virtual form factor, and Citrix knows how to optimize for x86 on their NetScaler load-balancing appliances. I’d assume that same know-how follows through to the VPX SD-WAN software, although that isn’t necessarily the case. But I’d like to think so. The point being, I believe you should be able to run a VPX-edition NetScaler SD-WAN in a hypervisor without starving the CPU for the other guests running on the host. YMMV.
A little speculation here. The NetScaler SD-WAN appliances will be priced to move. If you do a bakeoff and like this product, I’m guessing price won’t be the thing that breaks the deal. Another consideration is that if you’re already a Citrix shop, NetScaler SD-WAN might make the MOST sense. Hey, you’re already in their ecosystem, so it should be easier to go with what you know. For instance, you are invested in NetScaler for load-balancing, or you use XenApp or XenDesktop.
A final thought is to not get too caught up in vendor-specific product comparisons. On this page, Citrix goes after Riverbed and Silver Peak, making themselves look more capable. Well, that’s fine and all, but SD-WAN products continue to grow rapidly. A feature tipping the scale in Citrix’s favor today might be moot in 3 or 6 months. Play the long game.
You can be sure that Riverbed, while late to market with a robust SD-WAN product, will be growing the platform rapidly to keep their install base (i.e. probably YOU) in the fold. Their engineering department is deep. And I know Silver Peak has been iterating already on the Unity platform, adding new features and functionality.
For More Information
Citrix Combines SD-WAN, WAN Optimization In Single Appliance (packetpushers.net)
Enjoy your SD-WAN bakeoffs, and feel free to share your results with the community. We can set you up as a blogger on PacketPushers.net to do so.