Citrix SD-WAN WANOP

Asymmetric routing

In Citrix SD-WAN WANOP network, asymmetric routing occurs when packets flowing from client to server or server to client for the same TCP connection do not pass through one or both the client-side and server-side WANOP appliances. The following cases of asymmetry are observed.

Complete asymmetry:

Complete asymmetry occurs when packets flow from a client to the server through both the client-side and server-side Citrix SD-WAN WANOP appliances. However, on the return path from server to client the packets take a different route bypassing both the Citrix SD-WAN WANOP Appliances.

localized image

Server-side asymmetry:

Server-side asymmetry occurs when packets flow from a client to the server through both the client-side and server-side Citrix SD-WAN WANOP appliances. However, on the return path the packets bypass the server-side Citrix SD-WAN WANOP appliance but traverses the client-side Citrix SD-WAN WANOP appliance.

localized image

Client-side asymmetry:

Client-side asymmetry occurs when packets flow from a client to the server through both the client-side and server-side Citrix SD-WAN WANOP appliances. However, on the return path the packets traverse the server-side Citrix SD-WAN WANOP appliance but bypass client-side Citrix SD-WAN WANOP appliance.

localized image

Handle asymmetry in Citrix SD-WAN WANOP network

In Citrix SD-WAN WANOP network, when complete asymmetry occurs the TCP connection is reset. To avoid TCP connection break and to continue sending unaccelerated traffic, an asymmetric connection list is introduced in SD-WAN WANOP 10.1. This feature is disabled by default; you can enable this feature on both the client-side and server-side SD-WAN WANOP appliances.

On detecting an asymmetric connection for the first time, the TCP connection between client and server is reset and an entry of the tuple is made in the asymmetric connection list. The tuple consists of the client IP address and server IP address. Subsequent connections from the tuple pass through unaccelerated. The connection tuple remains in the asymmetric connection list for a default time-out period of four hours or until symmetry is detected. The unaccelerated pass-through is effective until the time-out occurs or until the appliance dynamically detects that the asymmetry is no longer present.

When client-side asymmetry or server-side asymmetry is detected, the TCP connection is retained and the packets pass through the Citrix SD-WAN WANOP appliance unaccelerated, by default.

To enable asymmetric connection list on Citrix SD-WAN WANOP appliances:

  1. Access the WANOP CLI command prompt (WANOP Accelerator/Broker IP).

  2. Log in with the following credentials:

    **Login as:** *cli*****
    
    **Login**: **** *admin*****
    
    **Password**: **** *nsroot*****
    

    Note

    The default password for admin is nsroot. If you have changed the password, use the right one.

  3. Type the following command and hit enter.

    *Set parameter AssymetricConnectionList.Enable on*
    

    Note

    You can configure the time-out period as per your network requirement, using the AssymetricConnectionList.AutoFlushDuration command.

    There are multiple parameters available with asymmetry list that can be fine-tuned, on-demand, based on your network environment. For more information, contact Citrix Customer Support.

Asymmetric routing