Citrix SD-WAN

Route filtering

For networks with Route Learning enabled, Citrix SD-WAN provides more control over which SD-WAN routes are advertised to routing neighbors rather and which routes are received from routing neighbors, rather than advertising and accepting all or no routes.

  • Export Filters are used to include or exclude routes for advertisement using OSPF and BGP protocols based on specific match criteria. Export filter rules are the rules that have to be meet when advertising SD-WAN routes over dynamic routing protocols. All the routes are advertised to peers by default.

  • Import Filters are used to accept or not accept routes which are received using OSPF and BGP neighbors based on specific match criteria. Import filter rules are the rules that have to be meet before importing dynamic routes into the SD-WAN route database. No routes are imported by default.

Route filtering is implemented on LAN routes and Virtual Path routes in an SD-WAN network (Data Center/Branch) and is advertised to a non-SD-WAN network through using BGP and OSPF.

You can configure up to 512 Export Filters and 512 Import Filters. This is the overall limit, not per routing domain limit.

Configure export filters

In the Configuration Editor, navigate to Connections > Regions > Site > OSPF or BGP > Export Filters.

Export filters

Use the following criteria to construct each Export Filter that you want to create.

Field Criteria Description Value
Order The Order in which filters are prioritized. The first filter that a route matches are applied to that route 100, 200, 300, 400, 500, 600
Network Address Enter the IP address and subnet mask of configured Network Object that describes the route’s network
  • IP address
Prefix To match routes by prefix, choose a match predicate from the menu and enter a Route prefix in the adjacent field
  • eq: Equal to, - lt: Less than, - le: Less than or equal to, - gt: Greater than, - ge: Greater than or equal to
Citrix SD-WAN Cost The method (predicate) and the SD-WAN Route Cost that are used to narrow the selection of routes exported Numeric value
Service Type Select the Service types that are assigned to matching routes from a list of Citrix SD-WAN Services Any, Local, Virtual Path, Internet, Intranet, LAN GRE Tunnel, LAN IPsec Tunnel
Site/Service Name For Intranet, LAN GRE Tunnel, and LAN IPsec Tunnel, specify the name of the configured Service Type to use Text string
Gateway IP Address If you choose LAN GRE Tunnel as the Service Type, enter the gateway IP for the tunnel IP address
Include Select the check box to Include routes that match this filter. Otherwise matching routes are ignored None
Enabled Select the check box to Enable this filter. Otherwise the filter is ignored None
Delete Select the delete icon to delete this filter. None
Clone Click the clone icon to make a copy of an existing filter None

Configure import filters

In the Configuration Editor, navigate to Connections > Regions > Site > OSPF or BGP > Import Filters.

Import filters

Use the following criteria to construct each Export Filter that you want to create.

Field Criteria Description Value
Order The Order in which filters are prioritized. The first filter that a route matches are applied to that route 100, 200, 300, 400, 500, 600
Source Router The IP address of the source router, it is applicable for iBGP only
  • IP address
Destination The IP address and subnet mask of a route’s destination
  • IP address
Prefix To match routes by prefix, choose a match predicate from the menu and enter a Route prefix in the adjacent field
  • eq: Equal to, - lt: Less than, - le: Less than or equal to, - gt: Greater than, - ge: Greater than or equal to
Next Hop The IP address of the next hop
  • IP address
Protocol The routing protocol using which a route is learned OSPF or BGP
Route Tag The OSPF Route tag that the filter matches. OSPF route tags prevent routing loops during mutual redistributing between OSPF and other protocols Numeric value
Cost The route cost used to match OSPF routes for importing Numeric value
AS Path Length The AS path length used to match BGP routes for importing Numeric value
Include Select the check box to Include routes that match this filter. Otherwise matching routes are ignored None
Enabled Select the check box to Enable this filter. Otherwise the filter is ignored None
Delete Click the delete icon to delete this filter. None
Clone Click the clone icon to make a copy of an existing filter None

Configure Route Policy Filter Templates

You can create multiple import or export filter templates with various filter rules and associate the template at each site.

The user created site level import/export filter rules take more precedence. The template rules follow the user created rules when associated to the site in Route Learning section of Connections.

Import route policy template

Export route policy template

Route filtering