SD-WAN Traffic Engineering Configurations and Verifications
Traffic engineering refers to the process of selecting the paths that traffic will transit through the network. The traffic engineering technique is used for achieving fine-grain control on traffic flow and uses all available WAN transport paths optimally. The technique can be used on a single transport link or multiple transport link depending upon the application’s network requirements.
Compared to conventional Traffic Engineering techniques, Versa Secure SD-WAN traffic engineering capability gives better control over network brown-out scenarios and helps administrators to provide network services for better end-user experience and higher application availability.
This article will provide information about basic traffic engineering configurations and verifications using various tools such as CLI, Versa Director Monitor Tab, and Versa Analytics
Versa SD-WAN traffic engineering configuration has three components. They are outlined below.
| SLA Profile | • Active monitoring of each site to site path to determine − reachability (“Is the path up”) and − performance metrics (Round trip delay, forward & reverse delay variation, forward and reverse direction packet loss percentage, MOS values, etc.) • Path: A combination of local access circuit, remote access circuit, and forwarding class |
| Forwarding Profile | Specification for path selection criteria, including path priorities, SLA thresholds, etc |
| SD-WAN Policy | This is used to match a certain type of traffic based on IP headers, port numbers, Applications or URL. The policy also refers to forwarding profile for traffic engineering |
High level Topology
Spoke Site prefers the default route as advertised by centralized Hub Gateway via SD-WAN. Hence traffic bound to YouTube/Internet was taking SD-WAN instead of taking the direct Internet path. default route present in the routing table towards 172.29.20.101 represents the HUB IP and ‘indirect‘ as interface name represents the path is through SD-WAN fabric.
admin@Spoke1-ENA-cli> show route routing-instance ena-LAN-VRRoutes for Routing instance : ena-LAN-VR AFI: ipv4Codes: E1 - OSPF external type 1, E2 - OSPF external type 2IA - inter area, iA - intra area,L1 - IS-IS level-1, L2 - IS-IS level-2N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2RTI - Learnt from another routing-instance+ - Active RouteProt Type Dest Address/Mask Next-hop Age Interface name---- ---- ----------------- -------- --- --------------BGP N/A 0.0.0.0/0 169.254.0.2 22:47:13 tvi-0/603.0BGP N/A 0.0.0.0/0 169.254.0.4 22:47:13 tvi-0/605.0BGP N/A +0.0.0.0/0 172.29.20.101 22:49:13Indirect...
Configuration
Objectives :
A. To configure traffic policy in such a way that traffic destined for YouTube should take Internet Transport as the primary circuit for the central breakout.
B. 2% packet-loss or higher latency in the primary circuit should failover the traffic to an alternate path
Step 1: SLA profile configuration. Add a new SLA profile YouTube-Profile and input required parameters
Step 2: Configure Forwarding Profile "Default-FP". Choose previously configured SLA profile and select "Evaluate Continuously" and "Enable Symmetric Forwarding"
Step 3: In the "Circuit Priorities" tab select transport circuit priorities. INET represents Internet Circuit with Priority 1 where MPLS represents MPLS circuit with priority 2
Step 4: Create SD-WAN Policy and associate the Forwarding profile - Add application YOUTUBE from dropdown and Streaming_Media in Applications/URL tab - Under Enforce tab choose the right Forwarding profile. Choose event as Priority Change
Verification
In steady state YouTube traffic prefers INET circuit. monitors tab and CLI show command output confirms the behaviour
admin@Spoke1-ENA-cli> show orgs org ena sessions sdwan brief | grep youtube0 2 6111 172.16.221.100 172.217.6.78 53851 443 6 No Yes youtube INET:INET INET:INET Hub-ENA0 2 6112 172.16.221.100 172.217.6.54 53852 443 6 No Yes youtube INET:INET INET:INET Hub-ENA0 2 6114 172.16.221.100 172.217.6.78 53854 443 6 No Yes youtube INET:INET INET:INET Hub-ENA0 2 6161 172.16.221.100 74.125.170.247 53881 443 6 No Yes youtube INET:INET INET:INET Hub-ENA0 2 6162 172.16.221.100 74.125.170.247 53882 443 6 No Yes youtube INET:INET INET:INET Hub-ENA0 2 6158 172.16.221.100 74.125.103.201 53879 443 6 No Yes youtube INET:INET INET:INET Hub-ENA0 2 6159 172.16.221.100 74.125.103.201 53880 443 6 No Yes youtube INET:INET INET:INET Hub-ENA[ok][2020-02-21 06:33:31]admin@Spoke1-ENA-cli>
Degradation in link primary link performance moved the path into SLA-Violated condition and switches traffic to alternate path; in this case, its MPLS circuit connecting to HUB for central Internet Breakouts.
admin@Spoke1-ENA-cli> show orgs org-services ena sd-wan policies Default-Policy rules path-state briefFORWARDING LOCAL REMOTE FORWARDINGNAME REMOTE BRANCH PROFILE SLA PROFILE CIRCUIT CIRCUIT CLASS PRIORITY------------------------------------------------------------------------------------------------------------Youtube-Policy ComcastController Default-FP YouTube-Profile INET INET fc_nc 1MPLS MPLS fc_nc 2Hub-ENA Default-FP YouTube-Profile INET INET fc_ef SLA ViolatedMPLS MPLS fc_ef 2[ok][2020-02-21 06:39:00]admin@Spoke1-ENA-cli>admin@Spoke1-ENA-cli> show orgs org ena sessions sdwan brief | grep youtube0 2 6111 172.16.221.100 172.217.6.78 53851 443 6 No Yes youtube MPLS:MPLS MPLS:MPLS Hub-ENA0 2 6220 172.16.221.100 74.125.103.201 53924 443 6 No Yes youtube MPLS:MPLS MPLS:MPLS Hub-ENA0 2 6223 172.16.221.100 172.217.6.54 53927 443 6 No Yes youtube MPLS:MPLS MPLS:MPLS Hub-ENA0 2 6221 172.16.221.100 74.125.103.201 53925 443 6 No Yes youtube MPLS:MPLS MPLS:MPLS Hub-ENA[ok][2020-02-21 06:41:03]admin@Spoke1-ENA-cli>
Logs on Analytics indicates the SLA violation
Detailed logs of events can be seen from Analytics.
| 20200221T070031.txt:2020-02-21T15:00:34+0000 eventLog, applianceName=Spoke1-ENA, tenantName=ena, generateTime=1582296900, eventType=sdwan-sla-violation, applianceId=0, vsnId=0, tenantId=3, eventSetCntr=13, eventClrCntr=0, rule=Youtube-Policy, localSiteName=Spoke1-ENA, localAccCktName=INET, remoteSiteName=Hub-ENA, remoteAccCktName=INET, fwdClass=fc_ef 20200221T070154.txt:2020-02-21T15:01:56+0000 sdwanSlaPathViolLog, applianceName=Spoke1-ENA, tenantName=ena, flowId=33560761, flowCookie=1582296985, applianceId=1, tenantId=3, vsnId=0, rule=Youtube-Policy, localSiteName=Spoke1-ENA, fromRemoteSiteName=Hub-ENA, fromLocalAccCktName=, fromRemoteAccCktName=, toRemoteSiteName=Hub-ENA, toLocalAccCktName=MPLS, toRemoteAccCktName=MPLS, forwardingClass=fc_be, fromPriority=P-10, toPriority=P-2, reason=”Priority changed”, description=”Original path went down”, codec=”” 20200221T070118.txt:2020-02-21T15:01:18+0000 sdwanSlaPathViolLog, applianceName=Spoke1-ENA, tenantName=ena, flowId=33560746, flowCookie=1582296947, applianceId=1, tenantId=3, vsnId=0, rule=Youtube-Policy, localSiteName=Spoke1-ENA, fromRemoteSiteName=Hub-ENA, fromLocalAccCktName=MPLS, fromRemoteAccCktName=MPLS, toRemoteSiteName=Hub-ENA, toLocalAccCktName=MPLS, toRemoteAccCktName=MPLS, forwardingClass=fc_be, fromPriority=P-10, toPriority=P-2, reason=”Priority changed”, description=”Path (MPLS, MPLS) is SLA compliant – delay:0 msec(100 msec) loss:0.00%(2%) fwdLoss:0.00%(2%) revLoss:0.00%(2%)”, codec=”” 20200221T070118.txt:2020-02-21T15:01:18+0000 sdwanSlaPathViolLog, applianceName=Spoke1-ENA, tenantName=ena, flowId=33560745, flowCookie=1582296947, applianceId=1, tenantId=3, vsnId=0, rule=Youtube-Policy, localSiteName=Spoke1-ENA, fromRemoteSiteName=Hub-ENA, fromLocalAccCktName=, fromRemoteAccCktName=, toRemoteSiteName=Hub-ENA, toLocalAccCktName=MPLS, toRemoteAccCktName=MPLS, forwardingClass=fc_be, fromPriority=P-10, toPriority=P-2, reason=”Priority changed”, description=”Original path went down”, codec=”” |
Summary
This document explained a brief intro to SD-WAN traffic Engineering capabilities. While creating SLA profile many other network KPIs can be considered such as Mean Opinion Score [MOS], Jitter, etc. such parameters can also be used in combination to provide best application availabilities.
