Citrix SD-WAN


This article outlines routing best practices for the Citrix SD-WAN solution.

Internet/Intranet routing service

When the Internet service is not configured for Internet-bound traffic and a Local route or a Passthrough route is configured to reach the gateway router instead, the router uses the WAN links configured on the SD-WAN appliance, which leads to link over-subscription.

If an Internet route is configured as Local at the MCN, it is learned by all the branch SD-WAN sites and configured as a Virtual Path route by default. This means that Internet-bound traffic at the branch appliance is routed through the Virtual Path to the MCN.

Routing precedence

The order of routing precedence:

  • Prefix match: the longest prefix match is preferred.
  • Service: Local, Virtual Path service, Internet, Intranet, Passthrough
  • Route Cost
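
The precedence order above applied to a branch route table, as an added example that is not Citrix code. The route entries, costs and notes are constructed, and the tie-break assumes that a lower route cost is preferred.

```python
import ipaddress
from dataclasses import dataclass

# Service order exactly as listed above (earlier = preferred).
SERVICE_ORDER = ["Local", "Virtual Path", "Internet", "Intranet", "Passthrough"]

@dataclass(frozen=True)
class Route:
    prefix: str   # destination network in CIDR form
    service: str  # one of SERVICE_ORDER
    cost: int     # assumption: lower cost wins
    note: str = ""

def rank(route):
    """Sort key: longest prefix, then service order, then lowest cost."""
    net = ipaddress.ip_network(route.prefix)
    return (-net.prefixlen, SERVICE_ORDER.index(route.service), route.cost)

def candidates(routes, dst):
    """All routes covering dst, best first."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return sorted(hits, key=rank)

def select_route(routes, dst):
    """Return the winning route for dst, or None if nothing matches."""
    ranked = candidates(routes, dst)
    return ranked[0] if ranked else None

# Constructed branch table. The Virtual Path default is the MCN's Local
# Internet route as learned by the branch (see the previous section).
BRANCH = [
    Route("0.0.0.0/0", "Virtual Path", 10, "default learned from MCN"),
    Route("0.0.0.0/0", "Internet", 5, "branch Internet service"),
    Route("10.20.0.0/16", "Intranet", 5, "data centre summary"),
    Route("10.20.30.0/24", "Passthrough", 5, "legacy segment"),
    Route("172.16.0.0/12", "Virtual Path", 10, "via MCN"),
    Route("172.16.0.0/12", "Virtual Path", 5, "via regional hub"),
]

if __name__ == "__main__":
    for dst in ("203.0.113.7", "10.20.30.9", "10.20.99.1", "172.16.4.4"):
        best = select_route(BRANCH, dst)
        print(f"{dst:>12} -> {best.service:<12} {best.prefix:<15} {best.note}")
```

For 203.0.113.7 the learned Virtual Path default wins over the branch Internet service even though its cost is higher, because service type is compared before cost; Internet-bound traffic is therefore backhauled to the MCN, as described in the previous section.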

Routing asymmetry

Ensure that there is no routing asymmetry in the network (that is, the NetScaler SD-WAN appliance transmitting traffic in only one direction). Asymmetry creates issues with firewall connection tracking and deep packet inspection.