The SD-WAN BGP routing functionality enables you to:

  • Configure the autonomous system (AS) number of a neighbor or other peer router (iBGP or eBGP).
  • Create BGP policies to be applied selectively to a set of networks on a per-neighbour basis, in either direction (import or export). An SD-WAN appliance supports eight policies per site, with up to eight network objects (or eight networks) associated with a policy.
  • For each policy, users can configure multiple community strings, AS-PATH-PREPEND, MED attribute. Users can configure up to 10 attributes for each policy.


AS number of Citrix SD-WAN is 1000 and cannot be changed. The Citrix SD-WAN AS number cannot have 2 AS numbers configured for eBGP peering and is not related to the service provider AS numbers for eBGP peering. Only local preference and IGP metric for path selection and manipulation is allowed.

Configuring policies

In the SD-WAN web management interface, the configuration editor has a new section, BGP policy, under Route Learning > BGP. In this section, users can add BGP attributes that constitute a policy. Adding community strings, prepending AS paths prepend, and configuring MED are supported.

You can manually configure each community string or select no advertise or no export community string from a drop-down menu. For manual configuration, you can enter an AS number and community. You can select Insert/Remove to tag the routes or remove the community from the routes.

You can configure the number of times you want to prepend the local AS to the AS Path before advertising outside the local network. You can configure MED for matching routes.

To configure BGP policy:

  1. In the NetScaler SD-WAN web management interface, go to Configuration > Virtual WAN > Configuration Editor. Open an existing configuration package. Go to Sites > DC or Branch settings.

    localized image

  2. Go to Connections > BGP and click Enable under Basic Settings. Enter Router ID and Local Autonomous System value and click Apply.

    localized image

  3. Click Community String List. Configure each community string manually or by selecting no advertise or no export community string from the drop-down menu. For manual configuration, you can enter an AS number and community. You can select Insert/Remove tag the routes with the community string or remove the community string from the routes received from the peers.

    localized image

    localized image

  4. Configure BGP policy by expanding BGP Policies. Add BGP attributes to the New Route Policy.

    localized image

    localized image

  5. Click the + sign next to Attributes to edit BGP attributes. The Edit Attributes window is displayed. Select the desired BGP attribute from the drop-down menu. Enter the desired value for MED, AS Prepend Length, or Community String as per your selection. Click Apply.

    localized image

    localized image


Any policy can have only one occurrence of an attribute and cannot take multiple occurrences of the same attribute. You cannot have 2 MED or 2 AS Path Prepend. It can have either MED/AS-PATH Prepend/Community String or a combination.

Configuring neighbors

To configure eBGP, an extra column to the existing BGP neighbors section is added to configure neighbor AS number. The existing configurations are pre-populated to this field with the local AS number when you import previous configuration using the SD-WAN 9.2 configuration editor.

The neighbor configuration also has an optional advanced section (expandable row) where you can add Policies for each neighbor.

Configuring advanced neighbors

With this option, you can add network objects and add a configured BGP policy for that network object. This is similar to creating a route map and ACL to match certain routes and configuring BGP attributes for that neighbor. You can specify the direction to indicate if this policy is applied for incoming or outgoing routes.

The default policy is to accept all routes. Accept and reject policies are defaults and cannot be modified.

You can match routes based on Network address (destination address), AS Path, Community string and assign a policy and select direction for the policy to be applied.

To configure neighbors:

  1. Configure neighbors by clicking Add as shown in the following.

    localized image

  2. Click the + sign. Select a Virtual Interface. Enter the Neighbor IP address.

    localized image

  3. Add policies. Select Network Address, BGP Community, and AS Path details as desired. Click Apply.

    localized image

  4. Go to Monitoring > Routing Protocols > Dynamic Routing Protocols to monitor the configured BGP policies and neighbors for the DC or Branch site appliance.

You can enable debug logging and to view log files for routing from the Monitor > Routing Protocol page. The logs for the routing daemon are split into separate log files. The standard routing information is stored in dynamic_routing.log while dynamic routing issues are captured in dynamic_routing_diagnostics.log which can be viewed from monitoring of routing protocols.

BGP soft reconfiguration

Routing policies for BGP peer include configurations such as route-map, distribute-list, prefix-list, and filter-list that might impact inbound or outbound routing table updates. When there is a change in the routing policy, the BGP session should be cleared, or reset, for the new policy to take effect.

Clearing a BGP session using a hard reset invalidates the cache and results in negative impact on the operation of networks as the information in the cache becomes unavailable.

With SD-WAN 10.0 software release, the BGP Soft Reset Enhancement feature provides automatic support for dynamic soft reset of inbound BGP routing table updates that are not dependent upon stored routing table update information.