Citrix SD-WAN Orchestrator

ECMP load balancing

Equal Cost Multi-Path (ECMP) groups allow you to group multiple paths with the same cost, destination, and service. The connections or session data is load balanced across all the paths in the ECMP group depending on the type of ECMP group. For example, consider a network with two WAN links between a branch and a data center having the same route cost. Traditionally, one of the WAN links would be active and the other remains dormant acting as a fallback link. With ECMP Groups, you can group these WAN links together and allow traffic to be load balanced through both the WAN links. ECMP load balancing ensures:

  • Distribution of traffic over multiple equal-cost paths.
  • Optimal usage of available bandwidth.
  • Dynamic transfer of traffic to other ECMP member path, if a route becomes unreachable.

ECMP load balancing is supported on the following services:

  • Virtual Paths
  • Internet
  • Citrix Secure Internet Access
  • Zscaler
  • IPsec

You can define a maximum of 254 ECMP groups in your network. The maximum number of ECMP eligible routes in an ECMP group depend on your appliance and license type. The following two types of ECMP groups are supported on Citrix SD-WAN:

  • Source/destination IP address: Networks where multiple clients try to connect to the same destination, the connections are load balanced across equal cost WAN links.
  • Session: Networks where a single client is connected to a destination and multiple sessions are spawned. The session data is load balanced across equal cost WAN links.

To configure an ECMP group, at the Network level, navigate to Configuration > ECMP Groups. Provide a name for the ECMP group and select the type as Src/Dest IP address or Session as required.

Add ECMP group

You can associate the ECMP groups to the following services:

  • Virtual Paths (at site level)
  • Internet services
  • Citrix Secure Internet Access
  • Zscaler
  • IPsec

To enable ECMP configuration on Intranet services, at the Network *level, navigate to Configuration > Services & Bandwidth > Intranet + Service and select the Service Type as Intranet. Select the ECMP group while configuring the Intranet service.

Note

Selecting None will not enable ECMP configuration on the service.

ECMP group for intranet service

To enable ECMP configuration on Virtual paths, at the Site level, navigate to Configuration > Advanced Settings > Delivery Services > Virtual Paths > Static Virtual paths > + Virtual paths. Select the ECMP group while configuring the Static Virtual paths.

Note

Selecting None will not enable ECMP configuration on the service.

ECMP group for virtual path

To enable ECMP configuration on Zscaler services, at the Network level, navigate to Configuration > Services & Bandwidth. Click the Settings icon next to Zscaler listed under the Delivery Services column. Authenticate and click + Site. Select the Enable ECMP check box while adding sites.

NOTE

Zscaler service supports only session-based ECMP load balancing.

ECMP group for Zscaler service

To enable ECMP configuration on Citrix Secure Internet Access service, at the Network level, navigate to Configuration > Services & Bandwidth. Click the Settings icon next to Secure Internet Access Service and click + Site. Select the Enable ECMP check box after selecting the sites.

NOTE

Citrix Secure Internet Access service supports only session-based ECMP load balancing.

ECMP group for secure internet access service

To enable ECMP configuration on fixed IPsec tunnels with third-party peers on the LAN or WAN side, navigate to Configuration > Services & Bandwidth > Intranet + Service and select the Service Type as IPsec. Select the Enable ECMP check box and choose a type from the ECMP Type drop-down list.

ECMP group for IPsec service

ECMP load balancing