Citrix SD-WAN Orchestrator

Delivery Services

Delivery Services are delivery mechanisms available on Citrix SD-WAN to steer different applications or traffic profiles using the right delivery methods based on the business intent. The delivery services are defined globally and applied to WAN links at individual sites, as applicable.

Citrix SD-WAN Orchestrator service offers the following delivery Services at the site-level:

  • Virtual paths
  • Internet services
  • Intranet services

Virtual paths

A virtual path is a logical link between two WAN links. It comprises a collection of WAN paths combined to provide high service-level communication between two SD-WAN nodes. This is done by constantly measuring and adapting to changing application demand and WAN conditions. The SD-WAN appliances measure the network on a per-path basis. A virtual path can be static (always exists) or dynamic (exists only when traffic between two SD-WAN appliances reaches a configured threshold).

Static virtual paths

The virtual path settings are inherited from the global wan link auto-path settings. You can override these configurations and add or remove the member path. You can also filter the virtual paths based on the site and the applied QoS profile. Specify a tracking IP address for the WAN Link that can be pinged to determine the state of the WAN Link. You can also specify a reverse tracking IP for the reverse path that can be pinged to determine the state of the reverse path.

To configure static virtual paths, from the site level, navigate to Configuration > Advanced Settings > > Delivery Services > Virtual Paths > Static Virtual Paths.

Static virtual path

You can assign a route cost to the virtual path, for more information, see Virtual Path Route Cost

The active member paths are listed in the Active Member Paths section, you can view or edit the member path settings.

  • IP DSCP Tagging: A tag for the external IP header of the Virtual Path Control Protocol (VPCP) frame.
  • Loss Sensitive: If enabled, a path might be marked as BAD due to loss and incurs a latency penalty in a path score. Set the percentage of loss over the time required to mark the path as BAD. Disable this option if loss of bandwidth is intolerable.
  • Percent Loss (%): This specifies the percentage of loss threshold before a path is marked BAD, as measured over the specified time. By default, the percentage is based on the last 200 packets received. When the packet loss exceeds the set percentage over the configured time, the GOOD Path state changes to BAD.
  • Over Time (ms): When the packet loss exceeds the set percentage over this configured time, the path state is marked as BAD.
  • Silence Period (ms): This specifies the duration (in milliseconds) before the path state transitions from GOOD to BAD. The default is 150 milliseconds. The path state transitions from GOOD to BAD when no packets are received within the specified amount of time.
  • Path Probation Period (ms): The period to wait before changing the path state from BAD to GOOD. The default is 10000 milliseconds.
  • Instability Sensitive: Latency penalties due to BAD state and other spikes in latency are considered.

    Member path info

The WAN link details for the selected active member paths are listed, you can change the settings as required. The UDP port settings can be configured for both IPv4 and IPv6.

  • UDP Port: The port used for LAN to WAN and WAN to LAN packet transfer. You can also specify.
  • Alternate Port: The alternate UDP Port to be used when UDP port switching is enabled.
  • Port Switch Interval: The interval, in minutes, that the WAN Link alternates its UDP Port.
  • Tunnel Header Size in Bytes: The size of the tunnel header, in bytes, if applicable.
  • Active MTU Detect: The LAN to WAN paths for dynamic virtual paths is actively probed for MTU.
  • Enable UDP Hole Punching: The MCN assists UDP connectivity between compatible NAT-protected client sites.

    WAN link properties

Dynamic virtual paths

With demand for VoIP and video conferencing, the traffic between offices has increased. Setting up full mesh connections through data centers is time consuming and inefficient. With Citrix SD-WAN, you can automatically create paths between offices on demand using the Dynamic Virtual Path feature. The session initially uses an existing fixed path. As the bandwidth and time threshold is met, a new path is created dynamically if that new path has better performance characteristics than the fixed path. The session traffic is transmitted through the new path resulting in efficient usage of resources. The dynamic virtual paths exist only when they are needed and reduce the amount of traffic transmitted to and from the data center.

To configure dynamic virtual paths, from the site level, navigate to Configuration > Advanced Settings >Delivery Services> Virtual Paths > Dynamic Virtual Paths.

Select Site Specific Override to override the virtual path settings inherited from the global wan link auto-path settings. The Site Specific Override option only allows you to enable or disable the dynamic virtual paths. You cannot create, remove, or configure the dynamic virtual paths from the site level.

Select Enable Dynamic Virtual Paths to allow the dynamic virtual paths between the configured site and other sites connected through an intermediate node. Using this option, you can enable both, dynamic virtual paths and member paths. Set the maximum allowable dynamic virtual paths for the site.

Dynamic virtual paths

Set the UDP port and dynamic virtual path threshold. Specify the throughput threshold, in kbps or packets per second, on the intermediate site at which the dynamic virtual paths are triggered on LAN to WAN or WAN to LAN.

Dynamic virtual path threshold

Internet Service

An Internet service provides a direct channel between an SD-WAN site and public Internet, with no SD-WAN encapsulation involved. Citrix SD-WAN supports session-load-balancing capability for Internet-bound traffic across multiple Internet links. You can set up only one Internet service for a site.

To configure Internet settings, from the site-level, navigate to Configuration > Advanced Settings > Delivery Services > Internet Service.

You can configure the Internet service globally for all the sites in the network, or specific to individual sites. By default, every site inherits the global Internet service settings and the Internet Override Settings drop-down list displays the Global Default option. If you want to override the global settings with site-specific settings, select the Site Specific Override option from the drop-down list. This option overrides the global Internet settings for a specific site by keeping the network with the default global configurations intact.

To configure site-specific Internet service settings, select Enable from the Internet Service drop-down list. You can further choose between global defaults and site-specific override settings for the following services:

  • Override cost: Flag to override the Internet cost.
  • Internet cost: The route cost used for the default Internet route added to the appliance. The route cost ranges from 1 to 65534.
  • Override Preserve Route: Flags to override the Internet preserve route.
  • Internet Preserve Route: When enabled, packets destined for the Internet service choose this service even if all the WAN links for this service are unavailable.
  • Override Primary Reclaim: When enabled, the usage associated with the Internet service on a WAN link forcefully reclaims status as the active service on that WAN link.

You can configure the following ICMP services at site level and at network level:

  • Determine Internet reachability from link using ICMP probes
  • IPv4 ICMP endpoint address
  • Probe interval (in seconds)
  • Retries

For more information about ICMP probing, see Internet service.

Delivery service internet

To update the WAN link settings for an Internet service:

  1. In the WanLinks Settings section, navigate to Actions > Edit. The Update Wan Link Settings page is displayed.
  2. Update the fields as required. This page provides a complete list of services and the bandwidth allocation of the services configured for the site. You can modify the bandwidth allocation of the Internet service by updating the Allocation% column. The total allocation percentage of all the services put together cannot exceed 100%.

  3. You can set the minimum/maximum upload and download bandwidth value for Internet services. The Min Kbps is a mandatory field. The Max Kbps field is optional and the value cannot be lesser than the configured minimum download/upload bandwidth value. The value must be greater than or equal to the minimum download/upload bandwidth value.

  4. Click Done.

Note

If an Internet WAN link is in the Global Default mode, you cannot update the service allocation. This allocation is applicable only if the WAN link is in the Site Specific Override mode.

Intranet Service

An Intranet service provides an underlay link-based connectivity from an SD-WAN site to any non-SD-WAN site. The traffic is unencapsulated or you can use any non-virtual path encapsulation such as IPsec, GRE. You can set up multiple Intranet services for a site.

To configure the Intranet settings, from the site-level, navigate to Configuration > Advanced Settings > Delivery Services > Intranet Service.

You can configure Intranet settings for a specific site. The Site Specific Override option on the Intranet Override Settings drop-down list configures Intranet settings for a specific site.

When you enable the Intranet Service option for a specific site, you can further choose between global defaults and site-specific override settings for the following services:

  • Override Preserve Route: Flags to override the Intranet preserve route.
  • Intranet Preserve Route: When enabled, packets destined for the Intranet service choose this service even if all the WAN links for this service are unavailable.
  • Override Primary Reclaim: Flag to override primary reclaim.
  • Intranet Primary Reclaim: When enabled, the usage associated with the Intranet service on a WAN link forcefully reclaims status as the active service on that WAN link.

Delivery service intranet

To update the WAN link settings for an Intranet service:

  1. Navigate to the WANLinks Settings section.
  2. Select an Intranet service and click Actions > Edit. The Update Wan Link Settings page is displayed.
  3. Update the fields as required. This page provides a complete list of services and the bandwidth allocation of all the services configured for the site. You can modify the bandwidth allocation of the Intranet service by updating the Allocation% column. The total allocation percentage of all the services put together cannot exceed 100%.
  4. You can set the minimum/maximum upload and download bandwidth value for Intranet services. The Min Kbps is a mandatory field. The Max Kbps field is optional and the value cannot be lesser than the configured minimum download/upload bandwidth value. The value must be greater than or equal to the minimum download/upload bandwidth value.
  5. Click Done.

Note

  • The WanLinks Settings section under Intranet Services displays both, Internet and Intranet service settings configured for a specific site. It does not display just the Intranet settings.
  • If an Intranet WAN link is in the Global Default mode, you do not have an option to update the service allocation. This allocation is applicable only if the WAN link is in the Site Specific Override mode.

Intranet WAN link settings

Delivery Services