Citrix SD-WAN

WAN Links

Citrix SD-WAN platforms support upto 8 public internet connections and 32 Private MPLS connections. This article outlines WAN link configuration best practices for the Citrix SD-WAN solution.

Points to remember while configuring WAN links:

  • Configure the Permitted and Physical rate as the actual WAN link bandwidth. In cases where the entire WAN link capacity is not supposed to be used by the SD-WAN appliance, change the Permitted rate accordingly.
  • When you are unsure of the bandwidth and if the links are non-reliable, you can enable the Auto Learn feature. The Auto Learn feature learns the underlying link capacity only, and uses the same value in the future.
  • If the underlying link is not stable and does not guarantee fixed bandwidth (for example; 4G links), use the Adaptive Bandwidth Detection feature.
  • It is not recommended to enable Auto Learn and Adaptive Bandwidth Detection on the same WAN link.
  • Manually configure the MCN/RCN with the Ingress/Egress physical rate for all the WAN links since it is the central point of bandwidth distribution among multiple branches.
  • For increased reliability of important datacenter workloads/services, when auto-learn is not used, use reliable links with SLA’s that does not have random variation of capacity.
  • If the underlying link is not stable, change the following Path settings:

    • Loss Settings

    • Disable Instability Sensitive

    • Silence time

  • Use Diagnostic tool to check the link health/capacity.
  • If SD-WAN is deployed in one-arm mode, ensure that you do not overrun the physical capacity of the underlying link.

For new deployments, earlier than SD-WAN deployment and when adding new ISP link to the existing SD-WAN deployment:

  • Verify the link type. For example; MPLS, ADSL, 4G.

  • Network characteristics. For example - bandwidth, loss, latency, and jitter.

This information helps in configuring the SD-WAN network as per your requirements.

Network topology

It is commonly observed that specific network traffic bypasses the Citrix SD-WAN appliances, and uses the same underlying link configured in the SD-WAN network. Because SD-WAN does not have complete visibility over link utilization, there are chances that SD-WAN oversubscribes the link leading to performance and PATH issues.


Points to consider while provisioning SD-WAN:

  • By default, all branches and WAN services (Virtual Path/Internet/Intranet) receive equal share of the bandwidth.
  • Provisioning sites needs to be changed, when there is high disparity in terms of bandwidth requirement or availability between the connecting sites.
  • When dynamic virtual paths are enabled between maximum available sites, the WAN link capacity is shared between the static virtual path to DC and the dynamic virtual paths.
WAN Links