Amazon VGT2 Las Vegas: Embracing Hybrid Cloud with Citrix SD-WAN and AWS Transit Gateway Connect

As organizations transition their workloads to Amazon Web Services (AWS), connectivity emerges as a pivotal factor. To enhance application performance, AWS and Citrix have partnered to offer various solutions, prominently featuring the integration of Citrix SD-WAN with AWS. Citrix SD-WAN excels in proactive application traffic management, ensuring a seamless experience throughout. In this article, we will demonstrate how to design a scalable SD-WAN framework using the newly introduced AWS Transit Gateway Connect attachment, while also simplifying deployment via the Citrix SD-WAN Orchestrator.

Citrix stands out as an AWS Technology Partner, boasting competencies in Networking and Digital Workplace solutions. By facilitating sustainable hybrid work models and easing the transition to multi-cloud environments, Citrix empowers organizations to provide a secure and consistent work experience, irrespective of whether employees are in the office, at home, or on the go.

The Challenge Ahead

Traditional WAN architectures are a barrier to realizing the vision of a hybrid multi-cloud setup. Companies require a robust and intelligent network that grants branch and remote office employees seamless access to cloud workloads as well as on-premises data centers and software-as-a-service (SaaS) applications. The WAN technologies of the past, such as MPLS, struggle to meet the bandwidth demands driven by the surge in cloud application traffic, leading to inconsistent user experiences.

Inefficient routing practices stem from the necessity to backhaul traffic to a centralized location for inspection, introducing additional latency that can degrade application performance for users. While implementing direct internet access at local branches can help address latency issues, security remains a primary concern. The security infrastructure, originally centralized in data centers, must now extend to the network edge where users are located.

By deploying Citrix SD-WAN on AWS, organizations can tackle these obstacles, delivering a secure and high-performing overlay network that enables both branch and remote office users to access cloud applications efficiently. Although deploying Citrix SD-WAN within a single virtual private cloud (VPC) is relatively easy, this approach lacks scalability as organizations expand their AWS footprint across multiple VPCs.

Customers can enhance scalability by integrating Citrix SD-WAN with AWS Transit Gateway using VPC or VPN attachments; however, each method has inherent limitations.

Solution Overview

The hybrid architecture involves deploying a Citrix SD-WAN virtual appliance (VPX) on AWS, typically within an Edge VPC or Transit VPC. This serves as the access point for workloads across various VPCs. The Citrix SD-WAN VPX can securely connect to branch offices, data centers, and corporate headquarters through multiple network paths, balancing traffic at the packet level to deliver a resilient WAN solution.

With the introduction of Transit Gateway Connect, Citrix SD-WAN can consolidate edge connectivity to AWS, dynamically route through a single ingress/egress point, enhance bandwidth interconnects, and lower overall operational costs. This integration simplifies network architecture, reduces operational overhead, and enables centralized management of connectivity and security aspects.

As organizations migrate additional workloads to AWS, they can easily connect new VPCs to the SD-WAN by attaching them to the Transit Gateway. With Border Gateway Protocol (BGP) peering established between the Citrix SD-WAN appliance and AWS Transit Gateway, routes are dynamically learned and propagated as new workload VPCs and branch offices go live.

Accessing AWS resources from branches over a Citrix SD-WAN virtual path provides numerous advantages, such as link bonding, per-packet traffic management for rapid failover, dual-ended Quality of Service (QoS), and centralized visibility and orchestration. For more insights on integrating these technologies, check out this blog post.

To minimize administrative burdens, the SD-WAN Orchestrator service, hosted in Citrix Cloud, offers a centralized platform for configuring, managing, and operating all SD-WAN appliances within the infrastructure, whether cloud-based or on-premises. Through a guided workflow in Citrix SD-WAN Orchestrator, IT teams can seamlessly integrate Citrix SD-WAN appliances with Transit Gateway Connect, linking them to resources in Amazon VPCs.

Furthermore, customers can utilize AWS’s backbone infrastructure to access resources deployed in other AWS regions globally.

AWS Transit Gateway Connect Attachment

Previously, there were two methods to integrate AWS Transit Gateway with third-party network appliances like Citrix SD-WAN: a VPC attachment or a VPN attachment. The VPC attachment method is straightforward but only supports static routing. In contrast, the VPN attachment enables dynamic routing via IPsec VPN tunnels, but with a maximum throughput of 1.25 Gbps per VPN attachment. Scaling beyond this limit necessitates multiple IPsec tunnels and the use of BGP Equal-Cost Multipath (ECMP) for traffic distribution.

The introduction of the Transit Gateway Connect attachment simplifies this integration. It establishes a GRE tunnel between the Citrix SD-WAN appliance and AWS Transit Gateway, supporting a maximum bandwidth of 5 Gbps per tunnel. Organizations can scale up to 20 Gbps by adding more GRE tunnels, alleviating the complexity of managing multiple IPsec tunnels.

Additionally, this new attachment offers a more programmatic approach, allowing for GRE tunnel and BGP peering setup through REST APIs or AWS SDKs. The Citrix SD-WAN Orchestrator has developed an integrated workflow utilizing this API capability, enabling users to provision the entire setup through a single interface.
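To make the programmatic setup concrete, the following added example (not code from this article, Citrix or AWS) plans the GRE tunnels for a target bandwidth and validates each BGP inside CIDR before any API call is made. The function name, attachment ID, ASN and addresses are constructed placeholders; the /29-in-169.254.0.0/16 rule and the reserved blocks come from AWS documentation rather than this article, and the returned dictionaries use the keyword names of boto3's `ec2.create_transit_gateway_connect_peer()`.

```python
import ipaddress
import math

PER_TUNNEL_GBPS = 5    # per-GRE-tunnel ceiling stated in the article
MAX_TOTAL_GBPS = 20    # overall ceiling stated in the article
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# /29 blocks that AWS documentation lists as reserved for Connect peers
RESERVED = {ipaddress.ip_network(c) for c in (
    "169.254.0.0/29", "169.254.1.0/29", "169.254.2.0/29", "169.254.3.0/29",
    "169.254.4.0/29", "169.254.5.0/29", "169.254.169.248/29")}


def plan_connect_peers(attachment_id, target_gbps, peer_asn, tunnels):
    """tunnels: list of (appliance_ip, inside_cidr) pairs, one per GRE tunnel.

    Returns one kwargs dict per tunnel needed for target_gbps, keyed like
    boto3's ec2.create_transit_gateway_connect_peer(); raises ValueError
    if the plan cannot work.
    """
    if not 0 < target_gbps <= MAX_TOTAL_GBPS:
        raise ValueError(f"target must be within (0, {MAX_TOTAL_GBPS}] Gbps")
    needed = math.ceil(target_gbps / PER_TUNNEL_GBPS)
    if len(tunnels) < needed:
        raise ValueError(f"{needed} tunnels needed, {len(tunnels)} supplied")
    used, calls = set(), []
    for appliance_ip, inside_cidr in tunnels[:needed]:
        ipaddress.ip_address(appliance_ip)       # rejects malformed addresses
        net = ipaddress.ip_network(inside_cidr)  # rejects CIDRs with host bits
        if net.version != 4 or net.prefixlen != 29 or not net.subnet_of(LINK_LOCAL):
            raise ValueError(f"{inside_cidr}: must be a /29 in 169.254.0.0/16")
        if net in RESERVED or net in used:
            raise ValueError(f"{inside_cidr}: reserved or already assigned")
        used.add(net)
        calls.append({
            "TransitGatewayAttachmentId": attachment_id,
            "PeerAddress": appliance_ip,
            "InsideCidrBlocks": [str(net)],
            "BgpOptions": {"PeerAsn": peer_asn},
        })
    return calls


if __name__ == "__main__":
    # Constructed sample values: placeholder attachment ID, private ASN, lab IPs.
    sample = [("10.0.1.10", "169.254.100.0/29"), ("10.0.1.11", "169.254.100.8/29"),
              ("10.0.1.12", "169.254.100.16/29")]
    for kwargs in plan_connect_peers("tgw-attach-EXAMPLE", 12, 65010, sample):
        print(kwargs)
```

Each returned dictionary can be passed as keyword arguments to the boto3 call once the Connect attachment itself exists; rejecting overlapping or reserved inside CIDRs up front avoids half-provisioned BGP peers.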

For further details on this topic, you can refer to this authoritative source. Also, for additional insights on onboarding experiences, this resource is excellent.