Product Documentation
Citrix SD-WAN
Current Release 11.5 limited availability 11.3 11.2 11.1 11.0 10.2
View PDF

Citrix Cloud and Gateway service optimization

July 22, 2022
Contributed by: 
H S

With the Citrix Cloud and Gateway Service optimization feature enhancement, you can detect and route traffic destined for Citrix Cloud and Gateway Service. You can create policies to either break the traffic out to internet directly or, to send it via a backhaul route over virtual path. In the absence of this feature, when the default route is virtual path, gateway service will hairpin back to the customer’s Data Center and then would go out to Internet adding unnecessary latency. In addition to that, you now get visibility into Citrix Gateway service and Citrix Cloud traffic and can create QoS policies to prioritize it over virtual path.

The Citrix Cloud and Gateway Service breakout feature is enabled by default in Citrix SD-WAN software version 11.2.1 and above.

For Citrix SD-WAN software version below 11.3.0, the first packet detection and classification of Citrix Cloud and Gateway Service traffic is performed only if the Citrix Cloud and Gateway Service breakout feature is not disabled.

For Citrix SD-WAN software version 11.3.0 and above, the first packet detection and classification of Citrix Cloud and Gateway Service traffic is performed irrespective of whether the Citrix Cloud and Gateway Service breakout feature is enabled or not.

Note

  • You can configure the Citrix Cloud and Gateway Service optimization only through Citrix SD-WAN Orchestrator. For more information, see Gateway service optimization.

  • Citrix SD-WAN Orchestrator traffic optimization is introduced from Citrix SD-WAN software version 11.2.3 or higher. The goal is to provide a more granular classification, and thus, separately identify Citrix SD-WAN Orchestrator traffic and other dependent services’ traffic from Citrix Cloud, and provide an Internet breakout option. As a result, customers can now choose to optimize only the Citrix SD-WAN Orchestrator traffic.

  • From Citrix SD-WAN 11.4.3 onwards, Citrix SD-WAN Orchestrator service traffic signatures are packaged with the appliance software build and loaded onto the appliance during the staging process of Change Management from Citrix SD-WAN Orchestrator service. This step helps overcome any limitations that might prevent the appliance from downloading the signatures from Citrix SD-WAN Orchestrator service post the initial setup or software upgrade.

Citrix Cloud and Gateway Service categories

Following are the traffic categories used for classification and optimization purposes:

  • Citrix Cloud: Enable to detect and route traffic destined for Citrix Cloud Web UI and APIs.

    • Citrix SD-WAN Orchestrator and dependant critical services:

      • Citrix SD-WAN Orchestrator: Enables direct internet breakout of heartbeat and other traffic required to establish and maintain connectivity between Citrix SD-WAN appliance, and Citrix SD-WAN Orchestrator.

      • Citrix Cloud Download Service: Enables direct internet breakout for download of appliance software, configuration, scripts, and so on onto the Citrix SD-WAN appliance.

  • Citrix Gateway Service: Enable to detect and route traffic (control and data) destined for Citrix Gateway Service.

    • Gateway Service Client Data: Enables direct internet breakout of ICA data tunnels between clients and Citrix Gateway Service. It requires high bandwidth and low latency.

    • Gateway Service Server Data: Enables direct internet breakout of ICA data tunnels between Virtual Delivery Agents (VDAs) and Citrix Gateway Service. It requires high bandwidth and low latency and only relevant in VDA resource locations (VDA to Citrix Gateway Service connections).

    • Gateway Service Control Traffic: Enables direct internet breakout of the control traffic. No specific QoS considerations.

    • Gateway Service Web Proxy Traffic: Enables direct internet breakout of the Web proxy traffic. It requires high bandwidth but latency requirements might vary.

Monitoring

You can monitor the Gateway service statistics in the following SD-WAN statistic reports:

  • Firewall Statistics

    Gateway service firewall statistics

    Gateway service firewall statistics Orchestrator

  • Flows

    Gateway service flows

    Gateway service flows Orchestrator

  • DNS Statistics

    DNS statistics

    DNS statistics Orchestrator

  • Application Route Statistics

    Application route statistics

    Application route statistics Orchestrator

Troubleshooting

You can view the service error in the Events section of the SD-WAN appliance.

To check the errors, navigate to Configuration > System Maintenance > Diagnostics, click Events tab.

Gateway service troubleshooting

If there is an issue in connecting to the Citrix service (sdwan-app-routing.citrixnetworkapi.net), then the error message reflects under the View Events table.

Gateway service troubleshooting event detail

The connectivity errors are also logged to SDWAN_dpi.log. To view the log, navigate to Configuration > Appliance Settings > Logging/ Monitoring > Log Options. Select the SDWAN_dpi.log from the drop-down list and click View Log.

You can also download the log file. To download the log file, select the required log file from the drop-down list under the Download Log file section and click Download Log.

Gateway service troubleshooting download log

Citrix Cloud and Gateway service optimization
July 22, 2022
Contributed by: 
H S
July 22, 2022
Contributed by: 
H S

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.