Citrix SD-WAN

Citrix Cloud and Gateway service optimization

With the Citrix Cloud and Gateway Service optimization feature, you can detect and route traffic destined for Citrix Cloud and Citrix Gateway Service. You can create policies to either break the traffic out directly to the Internet or backhaul it over a virtual path. Without this feature, Gateway Service traffic always hairpins back to the customer's data center before going out to Citrix Cloud, which adds unnecessary latency. You also get visibility into Citrix Gateway and Citrix Cloud traffic and can create QoS policies to prioritize it over the virtual path.

From release 11.2.1, you can enable first-packet detection, classification, and selective routing (direct Internet breakout or over the virtual path) of the traffic destined for Citrix Cloud and Citrix Gateway Service (control and data).

Note

You can configure the Citrix Cloud and Gateway Service optimization only through Citrix SD-WAN Orchestrator. The Citrix Cloud and Gateway Service features are supported on Citrix SD-WAN software version 11.2.1 or higher. For more information, see Gateway service optimization.

Citrix Cloud and Gateway Service categories

For Citrix SD-WAN traffic classification and optimization purposes, Citrix Cloud traffic is divided into the following categories:

  • Citrix Cloud: Enable to detect and route traffic destined for Citrix Cloud Web UI and APIs.

  • Citrix Gateway Service: Enable to detect and route traffic (control and data) destined for Citrix Gateway Service.

    • Gateway Service Client Data: Enables direct internet breakout of ICA data tunnels between clients and Citrix Gateway Service. It requires high bandwidth and low latency.

    • Gateway Service Server Data: Enables direct internet breakout of ICA data tunnels between Virtual Delivery Agents (VDAs) and Citrix Gateway Service. It requires high bandwidth and low latency, and is relevant only in VDA resource locations (VDA to Citrix Gateway Service connections).

    • Gateway Service Control Traffic: Enables direct internet breakout of the control traffic. No specific QoS considerations.

    • Gateway Service Web Proxy Traffic: Enables direct internet breakout of the Web proxy traffic. It requires high bandwidth but latency requirements might vary.

Monitoring

You can monitor the Gateway service statistics in the following SD-WAN statistic reports:

  • Firewall Statistics


  • Flows


  • DNS Statistics


  • Application Route Statistics


Troubleshooting

You can view the service error in the Events section of the SD-WAN appliance.

To check the errors, navigate to Configuration > System Maintenance > Diagnostics and click the Events tab.


If there is an issue connecting to the Citrix service (sdwan-app-routing.citrixnetworkapi.net), the error message appears in the View Events table.


The connectivity errors are also logged to SDWAN_dpi.log. To view the log, navigate to Configuration > Appliance Settings > Logging/Monitoring > Log Options. Select SDWAN_dpi.log from the drop-down list and click View Log.

You can also download the log file. To download the log file, select the required log file from the drop-down list under the Download Log file section and click Download Log.
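
When the Events table or SDWAN_dpi.log reports a failure to reach sdwan-app-routing.citrixnetworkapi.net, a probe run from a host behind the same WAN path shows whether the failure is in DNS, TCP, or TLS. This is an added example, not Citrix code and not part of the product; TCP port 443 and the `probe` function name are assumptions, since the page does not state the port.

```python
import socket
import ssl

# Hostname taken from the page; the port is an assumption (not stated on the page).
SERVICE_HOST = "sdwan-app-routing.citrixnetworkapi.net"
ASSUMED_PORT = 443


def probe(host=SERVICE_HOST, port=ASSUMED_PORT, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection,
          context=None):
    """Return (stage, detail), where stage is 'dns', 'tcp', 'tls' or 'ok'.

    The first failing stage is reported, which tells you whether to look at
    DNS settings, firewall or routing policy, or TLS inspection on the path.
    resolve and connect are injectable so the logic can be exercised offline.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return "dns", str(exc)
    addresses = sorted({info[4][0] for info in infos})

    try:
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, timed out
        return "tcp", f"{addresses}: {exc}"

    # The default context verifies the certificate chain and the hostname.
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{addresses} {tls.version()}"
    except (ssl.SSLError, OSError) as exc:  # bad certificate, reset handshake
        sock.close()
        return "tls", str(exc)


if __name__ == "__main__":
    stage, detail = probe()
    print(f"{SERVICE_HOST}:{ASSUMED_PORT} -> {stage}: {detail}")
```

A `tls` result with a certificate verification error usually points at an inspecting proxy or firewall on the breakout path rather than at the service itself.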

