Citrix SD-WAN Orchestrator for On-premises 14.4

Multicast routing

Multicast routing enables efficient distribution of one-to-many traffic. A multicast source, sends multicast traffic in a single stream to a multicast group. The multicast group contains receivers such as hosts and adjacent routers that use the IGMP protocol for multicast communication. Voice over IP, Video on demand, IP television, and Video conferencing are some of the common technologies that use multicast routing. When you enable multicast routing on the Citrix SD-WAN appliance, the appliance acts as a multicast router.

Source specific multicast

Multicast protocols typically allow multicast receivers to receive multicast traffic from any source.

With the source specific multicast (SSM), you can specify the source from which the receivers receive the multicast traffic. It ensures that the receivers are not open listeners to every source that is sending multicast streams but rather listen to a particular multicast source.

The SSM reduces the cost of resources used in consuming traffic from every possible source. The SSM also provides a layer of security by ensuring that the receivers receive traffic from a known sender.

The following topology shows two multicast receivers at a branch site and a multicast server (172.9.9.2) at the Data Center. The multicast server streams traffic over a particular group (232.1.1.1), the receivers join the group. Any traffic streamed on the multicast group is relayed to all the receivers that joined the group.

Note

For SSM to work, the multicast group IP must fall within the range 232.0.0.0/8.

Multicast topology

  1. The multicast receivers send an IP IGMP join request indicating that the receivers want to join the multicast group and want to receive the multicast stream from the source.

    The IGMP join includes 2 attributes the multicast source and group (S, G). IGMP Version 3 is used for SSM on the multicast source and the receiver to relay some INCLUDE specific source addresses.

    The SSM allows the receivers to explicitly receive streams from specific Multicast servers, whose source address is explicitly provided by the receivers as part of the JOIN request. In this example, an IGMP v3 join request is triggered with an explicit include source list, which contains the source 172.9.9.2, to be the address that sends the multicast stream over the group 232.1.1.1.

  2. The Citrix SD-WAN at the branch listens to all the IGMP requests from these receivers and converts it into a membership report and sends it over the Virtual Path to the SD-WAN appliance at the data center.

  3. The Citrix SD-WAN appliance at the data center receives the membership report over the Virtual Path and forwards it to the Multicast Source, establishing a control channel.

  4. The Multicast source transmits the multicast stream over the Virtual path to the multicast receivers.

The control channel traffic and the multicast stream flow through the established virtual path between the branch and the data center. The Citrix SD-WAN overlay path insures and insulates multicast traffic from WAN degradation or link brownouts.

Multicast configuration

To configure multicast, perform the following on the SD-WAN Orchestrator service at both the source and destination.

  1. Create a multicast group - Provide a name and IP address for the multicast group. The multicast group IP must fall within the range 232.0.0.0/8 for source specific multicast.
  2. Enable IGMP proxy – You can configure the Citrix SD-WAN appliance as an IGMP/MLD proxy to carry the IGMP control channel information for multicast routing.
  3. Define the upstream and downstream services - An upstream interface enables the IGMP PROXY to connect to the SD-WAN appliance closer to the actual multicast source that streams the traffic. A downstream interface enables the IGMP Proxy to connect to the hosts that are farther away from the actual multicast source that streams the traffic. The upstream and downstream services are different for the appliance at the source and the appliance at the destination.

Note:

Once the Branch or MCN is configured as upstream, it needs to be configured as upstream for the other groups as well.

To configure multicast, at the site level, navigate to Configuration > Advanced Settings > Multicast Groups. Create a multicast group by providing a name and IP address (IPv4 or IPv6) for the multicast group. Click Enable IGMP Proxy.

Configure the upstream and downstream paths for the Branch and data center appliances.

For the appliance closer to the multicast receiver (Branch), the appliance receives the multicast traffic on the Virtual Path Interface and sends the traffic on the Local Interface towards the receiver.

Note:

  • When a multicast source is configured as an Intranet service, the source IP of the multicast stream must have a route mapped to the Intranet service.
  • Ensure to create appropriate firewall policies to allow multicast traffic on the SD-WAN appliance.

Branch multicast

For the appliance closer to the multicast source (Data center), the appliance receives the multicast traffic on the Local Interface and sends the traffic on the Virtual Path Interface.

Data center multicast

Monitoring

Flows statistics

After the multicast control channel is established and the multicast source begins streaming, you can view the multicast flows statistics. You can see that Multicast UDP traffic was sent on the virtual path service from a receiver to the multicast group 232.1.1.1.

Note:

If SSM is enabled and if the traffic is received from a different server that is not part of the expected list of source senders the SD-WAN appliance will not have any reporting data.

Flows statistics

Firewall statistics

The firewall table shows the multicast traffic coming over the LAN interface over the Multicast group IP address and is sent over the virtual path.

Firewall statistics

Multicast group statistics

The multicast group table provides details about multicast traffic such as packets sent and received over source, destination, and the aggregation of both.

Multicast group statistics

IGMP/MLD

When the multicast receivers initiate a join group request, you can see the receiver details under Reports > Real Time > IGMP/MLD > IGMP/MLD Stats. You can see this information at both the source and the destination. Click Refresh to get the current data.

The following image shows that the IGMP/MLD packets received and the filter type RECV is used to include IGMP/MLD receive packets.

IGMP

To view the details of IGMP proxy groups, navigate to Reports > Real Time > IGMP/MLD > IGMP/MLD Proxy Groups. Click Refresh to get the current data.

Select Purge IGMP/MLD Stats to purge IGMP statistical data from the IGMP stats table.

Select Purge IGMP/MLD Group to purge IGMP group data from the IGMP groups table.

Multicast routing