Configure SLA Profiles for SD-WAN Traffic Steering
For supported software information, click here.
When a Versa Operating SystemTM (VOSTM) device in a branch has two or more WAN links, you can configure Layer 2 or Layer 3 SD-WAN traffic steering to direct outgoing traffic flows to the desired WAN link. To identify the traffic, you create a policy that matches the desired traffic. To steer the traffic, you do the following:
- Create a forwarding profile that defines to which of the WAN links to direct the outgoing traffic.
- Create an SLA profile that defines the link-performance parameters to consider when making the final decision which WAN link to use to forward outgoing traffic. SLA profile parameters (latency, jitter, packet loss, and circuit utilization) define the QoS thresholds on the link.
- Associate the forwarding profile and the SLA profile with an SD-WAN policy. Note that if you do not associate an SLA profile with the forwarding profile, all traffic is allowed.
Creating the forwarding and SLA profiles and associating them with a policy form the basic components of SD-WAN traffic steering.
This article discusses how to create an SLA profile. Configuring a forwarding profile (including a detailed description of the default SLA behaviors), associating an SLA profile with a forwarding policy, and configuring an SD-WAN policy are described in Configure SD-WAN Traffic Steering.
The default SD-WAN traffic-steering profile defines the following SLA behaviors:
- SLA recomputation timer—300 seconds
- Path reconsideration interval—60 seconds
- SLA violation action—Forward
To change the default behavior, you create an SLA profile.
SLA Profile Parameters
SLA profiles define the link-performance parameters to consider when making the final decision about how to forward outgoing traffic. The SLA parameters include delay (also called link latency), jitter (also called forward and reverse delay variation), and packet loss. In the SLA profile, you define QoS threshold values for these and other parameters, and you define the action to take when a threshold is exceeded.
You can configure the following metrics in an SLA profile:
- Delay—Maximum link latency. The link latency is a two-way measurement.
- Jitter—Forward and reverse delay variation.
- Packet loss percentage—Total percentage of forward and reverse packet loss in a flow.
- Forward loss—Packet loss in the forward direction.
- Reverse loss—Packet loss in the reverse direction.
- Circuit transmit utilization—Percentage of circuit bandwidth used to transmit packets.
- Circuit receive utilization—Percentage of circuit bandwidth used to receive packets.
- MOS score—Mean opinion score is a measure of the quality of voice data traffic, and it represents the user experience of audio, video, and voice applications. Voice data is always compressed using a codec before it is transmitted, and so the MOS score can vary for the voice data on the same link depending on the codec. The MOS score is also affected by impairments on the network link. VOS devices support a large number codecs. For a complete list, see Configure Real-Time Monitoring.
The SLA for a path is considered violated if any one of these metrics exceeds the threshold specified in the SLA profile.
If multiple paths have the same priority, you can use the path with the best metric instead of configuring metrics and thresholds in an SLA profile. The best-path metrics are lowest latency, lowest delay variation, and lowest packet loss.
To determine the SLA on a link, the VOS device sends SLA probes regularly over each VXLAN tunnel that is established towards each peer branch.The SLA probes are sent as SLA protocol data unit (PDU) packets, and they are sent regardless of whether you configure SLA profiles. The SLA probes collect information about real-time network performance, including response times, latency, jitter, and packet loss, and the SLA profile uses this information to calculate the delay, jitter, and loss for each WAN link. The MOS score is calculated using actual traffic. You can configure SLA probe parameters for each tenant individually, and you can configure multiple probes with different DSCP values.
To illustrate how you might use SLA profiles and SLA probe parameters, let's say that you want to implement traffic steering for two types of traffic, voice and HTTP. The voice traffic has a DSCP value of 46 (EF, or expedited forwarding) and the HTTP traffic has a DSCP of 11 (AF, or assured forwarding). If you configure only one SLA with the priority EF, there is no guarantee that the HTTP traffic receives the same treatment on the WAN. To handle the two types of traffic, you configure two different SLA probes, one for the EF traffic class (to handle the voice traffic) and the second for the AF traffic class (to handle the HTTP traffic). The forwarding profile then uses the proper SLA probe for the different types traffic that is sent between two sites. For information about configuring SLA probes, see Configure IP SLA Monitor Objects.
The delay, jitter, and loss metrics for a WAN link are collectively referred to as key performance indicators (KPIs), and you may see KPIs reported in alarm messages. KPIs are the average of the SLA metrics gathered during the last recomputation interval for the forwarding profile associated with a rule. If, during this interval, a path fails to meet the SLA threshold configured in the forwarding profile, the path is placed into the SLA-violated state, and the VOS device issues an alarm. The alarm applies to that specific path and for every rule that uses the forwarding profile. For example, if a path towards a branch does not meet the SLA defined in the forwarding profile and there are three rules that refer to that forwarding profile, the VOS device issues three alarms. Note that alarms are issued only if there has been transit traffic on that path sometime during the last 5 minutes. If the path has been idle for 60 seconds or more and there is no transit traffic on the path, no alarm is issued even though the path is degraded. For information about the alarms, see SD-WAN Alarms.
A VOS device always calculates the values of all metrics, but when determining whether a path is SLA-compliant, the VOS device uses only the metric configured in the SLA profile. However, when the VOS device sends an alarm, the alarm always reports all measured metrics. For example, if you configure only loss in the SLA profile, only the loss is used to determine SLA compliance, and the delay and jitter values reported in the alarm are informational only.
The delay and jitter metrics are measured for SLA probe PDUs only, and inline loss is measured for transit traffic only. However, transit traffic includes the SLA PDUs. This means that when there is no transit traffic, the inline loss reflects the loss of the SLA PDUs. For example, if 100 transit packets and 10 SLA PDUs are measured during a recomputation interval, then for the purpose of calculating inline loss, there are a total of 110 transit packets. Any packets that are in transit during the recomputation interval are counted as lost by the inline loss measurement, but they are not incorporated into the SLA metrics for the current recomputation interval. Instead, they are incorporated in the SLA metrics for the next recomputation interval.
The circuit transmit and receive utilization values determine the percentage of a circuit's available bandwidth to use for transmitting and receiving traffic. To determine a circuit's available bandwidth, the VOS traffic-steering software measures the bandwidth consumption of each logical interface periodically. (For Releases 16.1R2S10 and earlier, the bandwidth consumption of each physical interface is measured periodically.) Then, to calculate the remaining bandwidth on the circuit, the VOS software uses a reference bandwidth. For the reference bandwidth, it first considers the CoS shaper rate. If no shaper rate is configured, the VOS software considers the interface's uplink and downlink bandwidths. (For a logical interface, these are the physical interface's uplink and downlink bandwidths.) Note that if the shaper rate is not configured or the uplink and downlink bandwidths are not configured, the VOS software cannot correctly determine the available link bandwidth.
For voice data, VOS devices use the MOS score to select the best available path for each voice stream. To calculate the MOS score, a VOS device uses the actual traffic, intercepting the Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP) packets in a voice stream. From the RTP packets, it extracts jitter, loss, and delay (latency) information. The RTCP packets contain sender and receiver reports that include statistics about the quality of the voice stream. The VOS device calculates the MOS score continuously for every voice flow. You configure how often to check the MOS score and the threshold of acceptable MOS scores that are used to make the path-selection decision. The frequency of checking the MOS score affects how fast a voice steam can switch to a different path when the SLA for its path is violated. The SLA for a path is considered violated if the calculated MOS score for a voice flow is less than the threshold. You also configure the time interval after which a VOS device re-evaluates paths whose SLAs are violated.
The following figure illustrates the MOS path-selection process. Here, MOS path selection is enabled on the Site 1 branch device for traffic that Site 1 forwards to Site 2. Site 1 intercepts RTP and RTCP packets and uses the information in them to calculate the MOS score for the voice stream. Based on the score, Site 1 selects the best available path.
Configure SLA Profiles
The following are the default SLA parameters in an SD-WAN traffic-steering profile:
- Recomputation timer—300 seconds
- Path reconsideration interval—60 seconds
- SLA violation action—Forward
To change the default SLA behaviors, configure an SLA profile:
- In Director view:
- Select the Configuration tab in the top menu bar.
- Select Templates in the horizontal menu bar.
- Select an organization in the left navigation bar.
- Select a post-staging template from the main panel. The view changes to Appliance view.
- For a Layer 2 SLA profile, select Configuration > Services > Layer 2 SD-WAN > SLA Profiles, and then continue to step 4.
- For a Layer 3 SLA profile, select Configuration > Services > SD-WAN > SLA Profiles, and then continue to step 4.
- Click the + Add icon. The Add SLA Profile popup window displays.
- For a Layer 3 SLA profile, select the General tab. Then, enter information for the following fields.
Field Description Name Enter a name for the SLA profile. It is a text string from 1 to 63 characters long. Description Enter a text description for the SLA profile. Tags Enter a keyword or phrase that allows you to filter the SLA profile name. This is useful when you have many profile names and want to view those that are tagged with a particular keyword. Packet Delay Variation Enter a value for the forward and reverse delay variation (jitter).
Range: 1 to 100 milliseconds
Default: NoneCircuit Transmit Utilization Enter the percentage of a circuit's available bandwidth to use to transmit traffic.
Range: 1 to 100 percent
Default: NoneCircuit Receive Utilization Enter the percentage of a circuit's available bandwidth to use to receive traffic.
Range: 1 to 100 percent
Default: NoneMaximum Packet Loss Enter a percentage value for the total combined forward and reverse packet loss.
Range: 1 to 100 percent
Default: NoneMaximum Forward Packet Loss Enter a percentage value for the maximum packet loss in the forwarding direction.
Range: 1 to 100 percent
Default: NoneMaximum Reverse Packet Loss Enter a percentage value for the maximum packet loss in the reverse direction.
Range: 1 to 100 percent
Default: NoneMaximum Latency Enter a value for the maximum traffic latency (delay). The link latency is a two-way measurement.
Range: 1 to 1000 milliseconds
Default: NoneMOS Score Enter a mean opinion score (MOS) for audio, video, and voice traffic. Mean opinion score is a measure of the quality of voice data traffic, and it represents the user experience of audio, video, and voice applications. Voice data is always compressed using a codec before it is transmitted, and so the MOS score can vary for the voice data on the same link depending on the codec. The MOS score is also affected by impairments on the network link. VOS devices support a large number codecs. For a complete list, see Configure Real-Time Monitoring. To generate a MOS score, you must configure MOS score monitoring, as described in Configure MOS Score Monitoring.
Range: 0 to 5, where 5 represents the best traffic quality
Default: NoneBest Path (Group of Fields) Click one or more best-path fields. If multiple paths have the same priority, the path with the best metric is used instead of choosing a path based on metric thresholds.
When you choose one or more of the best-path fields, the calculated performance score takes into account all configured best-path metrics. Paths that are within 10 percent of the best path's score are considered equally good and are used to send traffic. Other paths are demoted to the Unused priority and are not used.
When multiple paths are present in the same priority bucket, the performance score is calculated based on the best-path metrics that you select. For example, if you select Low Forward Packet Loss, the performance score is calculated based on the lowest forward packet loss, and this score is used to determine the best path.
- Low Delay Variation
Click to select a path based on the lowest delay variation. - Low Latency
Click to select a path based on the lowest latency. - Low Packet Loss
Click to select a path based on the lowest packet loss. - Low Forward Packet Loss
Click to select a path based on the lowest forward packet loss. - Low Reverse Packet Loss
Click to select a path based on the lowest revers packet loss. SaaS App Monitor (Tab) For a Layer 3 SLA profile, select the name of an SaaS application monitor. For more information, see Configure SaaS Application Monitoring. - Click OK.
Associate an SLA Profile with a Forwarding Profile
When you configure an SD-WAN traffic-steering policy, you can associate an SLA profile in one of the following ways:
- Associate an SLA profile with the entire traffic-steering forwarding profile. You do this in the Add Forwarding Profile popup window, on the General tab.
- Associate an SLA profile with a next hop. You do this in the Add Forwarding Profile popup window, on the Next Hop tab, where you configure the next hop and define its parameters and profiles.
For more information, see the Configure Layer 2 SD-WAN Traffic-Steering Forwarding Profiles section or the Configure Layer 3 SD-WAN Traffic-Steering Forwarding Profiles section in the Configure SD-WAN Traffic Steering article.
Supported Software Information
Releases 20.2 and later support all content described in this article, except:
- Release 21.2.1 adds support for configuring SLA profiles for Layer 2 SD-WAN traffic-steering policy.