This article explains how to configure SD-WAN forwarding policy to redirect the traffic from the link having variable delay(Jitter)
Please refer to this topology diagram for explanation in this article.
Prerequisite
- Versa headend should be installed and functional.
Scenario
- In this example, we have two WAN links named as MPLS and INTERNET on the Versa FlexVNF CPE to forward the traffic.
- We need to configure the SD-WAN policy to forward the Youtube application traffic over the link having less Jitter. We have set the threshold to 50ms.
- Traffic will also be switched over to another link if any point of time the SLA gets violated.
Configuration
SLA Profiles
- Login to Versa Director GUI and navigate to Appliance > Configuration>Services>SDWAN>SLA Profiles
- Click on + in the right pane to add new SLA profile
- We need to create SLA profile with 50ms of variable delay.
Forwarding Profiles
- Click on Forwarding Profile tab > Click + to create the forwarding profile.
- While creating forwarding profile, we need to select the SLA profile(Jitter) configured in step 1.
- Recompute timer sets the time in seconds which essentially used to re-evaluate the SLA compliance state. This will further influence traffic switching time between circuits when current circuit does not meet the SLA threshold values.
- SLA Violation Action has to be set to forward if we indent to switch the traffic to another link when configured SLA gets Violated. You can also set it to Drop in case you want to drop the traffic when SLA gets Violated.
- We can enable Evaluate continuously by marking the given check box. This will enable continuous evaluation of the available circuits against configured SLA parameters.
Policies
- Click on Policies tab at the left-hand pane > Rules > Click + to create new rule.
- Configure the Rule name in General tab and then move to Applications/URL tab to define the list of applications needed to be matched. You can also use Source/Destination tab to provide layer 3 IP addresses to match certain traffic flows. In this example we are using Youtube application hence we have selected Youtube under application
- Click + under Applications section and select the application.
Please Note: Versa Detects more than 3000 applications
- Go-to Enforce tab > and select “Allow Flow” under Forwarding > Actions. Select the Forwarding Profile name configured in forwarding profile section in step 3.
Please Note In case, you need the data to be captured in Versa Analytics, select the LEF Profile under Logging section.
Cli Configuration:
set orgs org-services Tenant-1 sd-wan sla-profiles Jitter delay-variation 50
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter sla-profile Jitter
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter connection-selection-method weighted-round-robin
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter sla-violation-action forward
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter evaluate-continuously enable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter recompute-timer 50
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter encryption optional
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter symmetric-forwarding enable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter turn-redirect disable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter replication mode disable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter fec sender mode disable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter fec receiver recovery enable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter fec receiver preserve-order enable
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter sla-smoothing enable false
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter sla-dampening enable false
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter load-balance per-flow
set orgs org-services Tenant-1 sd-wan forwarding-profiles Jitter gradual-migration disable
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test match source user user-type any
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test match application predefined-application-list [ YOUTUBE ]
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test set action allow
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test set forwarding-profile Jitter
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test set lef event never
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test set lef rate-limit 10
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test monitor interval 3
set orgs org-services Tenant-1 sd-wan policies Default-Policy rules Jitter-test monitor threshold 5
Validation:
admin@cpe1-cli> show orgs org Tenant-1 sessions extensive | select application youtube
sessions extensive 0 2 42674
source-ip 172.16.10.2
destination-ip 216.58.196.174
source-port 56836
destination-port 443
protocol 6
natted No
sdwan Yes
application youtube
forward-pkt-count 231
forward-byte-count 13948
reverse-pkt-count 256
reverse-byte-count 324338
dropped-forward-pkt-count 0
dropped-forward-byte-count 0
dropped-reverse-pkt-count 0
dropped-reverse-byte-count 0
session-age 00:00:18
idle-for 00:00:04
idle-timeout 240
pbf-enabled false
forward-egress-vrf Tenant-1-LAN-VR
reverse-egress-vrf Tenant-1-LAN-VR
session-provider-zone 0
forward-offload false
reverse-offload false
forward-ingress-interface vni-0/3.0
forward-egress-interface ptvi-0/36
reverse-ingress-interface ptvi-0/36
reverse-egress-interface vni-0/3.0
forward-fc fc_be
reverse-fc fc_be
forward-plp low
reverse-plp low
external-service-chaining false
rx-wan-ckt mpls:mpls
tx-wan-ckt mpls:mpls
tx-branch -
pbf-wan-ackt-enc (E)
forward-ingress-ckt vni-0/3.0
forward-egress-branch cpe2
forward-egress-ckt mpls:mpls <<<<<<<<<<<<<<Initial traffic flow traversing over mpls link as it has Jitter less then 50ms
reverse-ingress-branch cpe2
reverse-ingress-ckt mpls:mpls
reverse-egress-ckt vni-0/3.0
sdwan-rule-name Jitter-test <<<<<<<<<<<<<< SD-WAN policy rule is matching the traffic flow
admin@cpe1-cli> show orgs org Tenant-1 sessions extensive | select application youtube
sessions extensive 0 2 42674
source-ip 172.16.10.2
destination-ip 216.58.196.174
source-port 56836
destination-port 443
protocol 6
natted No
sdwan Yes
application youtube
forward-pkt-count 331
forward-byte-count 14948
reverse-pkt-count 356
reverse-byte-count 354338
dropped-forward-pkt-count 0
dropped-forward-byte-count 0
dropped-reverse-pkt-count 0
dropped-reverse-byte-count 0
session-age 00:00:18
idle-for 00:00:04
idle-timeout 240
pbf-enabled false
forward-egress-vrf Tenant-1-LAN-VR
reverse-egress-vrf Tenant-1-LAN-VR
session-provider-zone 0
forward-offload false
reverse-offload false
forward-ingress-interface vni-0/3.0
forward-egress-interface ptvi-0/36
reverse-ingress-interface ptvi-0/36
reverse-egress-interface vni-0/3.0
forward-fc fc_be
reverse-fc fc_be
forward-plp low
reverse-plp low
external-service-chaining false
rx-wan-ckt internet:internet
tx-wan-ckt internet:internet
tx-branch -
pbf-wan-ackt-enc (E)
forward-ingress-ckt vni-0/3.0
forward-egress-branch cpe2
forward-egress-ckt internet:internet <<<<<<<<<<<<<<<< Traffic flow switched to Internet link when variable delay introduced more than 50ms over mpls link
reverse-ingress-branch cpe2
reverse-ingress-ckt internet:internet
reverse-egress-ckt vni-0/3.0
sdwan-rule-name Jitter-test <<<<<<<<<<<<<<<<<< SD-WAN policy rule is matching the traffic flow
Traffic switchover can be monitored and validated in the Branch monitor tab. Go to > Appliance > Click on the branch > Monitor > Click on the Tenant > Summary
