Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Application-Based Multipath Routing

 

Application-Based Multipath Routing Overview

Traffic for video and voice are sensitive to packet loss, latency and jitter. Packet loss directly leads to degradation in the quality of voice and video calls. in voice or video calls.

To ensure timely delivery of these sensitive application traffic, application-based multipath routing (also referred as multipath routing in this document) is supported on SRX Series devices to allow the sending device to create copies of packets, send each copy through two or more WAN links.

Multipath identifies two or more paths based on the SLA configuration and sends out a copy of the original traffic on all the identified paths.

On the other end, among the multiple copies of the packet received, the receiving device selects the first received packet and drops the subsequent ones. On the receiving device, while the copy of the packet is in progress, multipath calculates the jitter and packet loss for the combined links and then estimates the jitter and packet loss for the same traffic on individual links. You can compare the reduction in packet loss when combined links are used instead of individual links used for traffic.

Sending the multiple copies of the application traffic ensures that if there is a packet loss or delay, the other link might still deliver the packet to the endpoint.

SRX Series devices support application-based multipath routing starting in Junos OS Release 15.1X49-D160.

Starting in Junos OS Release 19.2R1 and Junos OS Release 15.1X49-D170, application-based multipath routing support is available when device is operating in chassis cluster mode.

Multipath routing leverages following functionality:

  • Application identification details from Deep Packet Inspection(DPI)

  • APBR functionality for packet forwarding feature

  • AppQoE service for SLA association.

Supported Use Cases

  • SD-WAN hub and spoke topology

  • SD-WAN mesh topology

Limitations

  • All the selected WAN links must be of ECMP paths for a destination.

  • All the selected WAN interfaces which need to be a part of multipath routing sessions must belong to one single zone

  • Multipath routing feature is supported only between two book-ended security devices.

Benefits of Multipath Routing

  • Multipath support in SD-WAN uses case enhances application experience by reducing packet loss, faster delivery of the packet, and less jitter that results in better quality of service for the traffic especially for the voice and video traffic.

Understanding Workflow in Multipath Routing

The following sequences are involved in applying multipath routing:

  • Junos OS application identification identifies applications and once an application is identified, its information is saved in the application system cache (ASC).

  • Application policy-based routing (APBR) queries the application system cache (ASC) module to get the application attributes details.

  • APBR uses the application details to look for a matching rule in the APBR profile (application profile). If a matching rule is found, the traffic is redirected to the specified routing instance for the route lookup.

  • AppQoE checks whether an SLA is enabled for a session. If the session is candidate for an SLA measurement, and if multipath routing is configured, then multipath routing is triggered.

  • Based on the SLA rule, multipath routing obtains the underlay link types and corresponding overlays on which packet duplication needs to be performed. Multipath routing can be triggered based on the configuration of an SLA rule. When multipath routing is configured within an SLA rule for a specific application, AppQoE functionality is disabled for all sessions of that application matching the SLA rule.

  • Based on the application traffic and the configured bandwidth limit, multipath identifies two or more paths and triggers a copy of the original traffic on all the identified paths. Multipath routing path selection is done on the overlay paths. The parameters to limit the bandwidth is based on the underlay link-speed and selection is based on link-type.

  • On the receiving device, while the copy of the packet is in progress, multipath calculates the jitter and packet loss for the combined links and then estimates the jitter and packet-loss for same traffic on individual links.

  • On the receiving device, multipath routing accepts packets of a session arriving through different links, maintain sequence of a packet arriving on different CoS queues, and drop any duplicates.

Multipath routing copies packets on all the links belonging to a rule till the bandwidth limit is reached. The bandwidth limit is calculated based on the least link speed identified for that rule. This is applicable for all the sessions for all the applications which match that multipath routing rule. Once the limit is reached, multipath routing stops copying of packets and starts a timer for a time period as configured in max-time-wait option in the multipath routing configuration. When the timer expires, it restarts the copying of the packets again.

Example: Configuring Application-Based Multipath Routing

This example shows how to configure multipath routing to provide quality of experience (QoE) by enabling real-time monitoring of the application traffic according to the specified SLA.

Requirements

  • Supported SRX Series device with Junos OS Release 15.1X49-D160, Junos OS Release 19.2R1, or later. This configuration example is tested for Junos OS Release 15.1X49-D160.

  • Valid application identification feature license installed on a security device.

  • Appropriate security policies to enforce rules for the transit traffic, in terms of what traffic can pass through the device, and the actions that need to take place on the traffic as it passes through the device.

  • Enable application tracking support enabled for the zone. See Application Tracking.

  • Ensure that following features are configured:

Overview

To ensure uninterrupted delivery of these sensitive application traffic, application-based multipath routing is supported on security devices to allow the sending device to create copies of packets, and send each copy through two WAN links to the destination.

Multipath routing identifies two paths based on the SLA configuration and creates duplicate copy of the application traffic and sends the traffic simultaneously on different physical paths. On the receiving device, while the copy of the packet is in progress, multipath routing estimates on the reduction in jitter, RTT and packet loss and analyzes the quality of service for routing the traffic to the best link to provide SLA to the end user. This also helps in estimation on the reduction in jitter, RTT and packet loss is done. If both the copies are received on the remote end, then the first received packet is considered, and drops the subsequent ones.

Table 1 provides the details of the parameters used in this example.

Table 1: Configuration Parameters for Multipath Rule, SLA Rule, and APBR

Parameter

Options

Values

Multipath rule (multi1)

Number of paths

2

bandwidth-limit

60

Maximum time to wait

60

Link type

MPLS, IP

application

junos:YAHOO, junos:GOOGLE

application-group

junos:web

SLA rule (sla1)

Associated multipath rule

multi1

APBR profile (apbr1)

Match applications

junos:YAHOO

APBR rule

rule1

SLA rule

sla1

Underlay interface

ge-0/0/2 and ge-0/0/3

  • Speed: 800 Mbps

In this example, you configure a multipath rules for junos:YAHOO and junos:GOOGLE application traffic. Then configure an SLA rule and associate multipath rules with multipath rule.

Next, associate the SLA rules with APBR rules created for the Yahoo application. APBR uses the application details to look for a matching rule in the APBR profile (application profile).

Multipath rule is applied on the traffic matching junos:YAHOO or junos:GOOGLE, and forwarded to and the next-hop address as specified in the routing instance.

Multipath routing obtains the underlay link types and corresponding overlays on which packet duplication is required based on the SLA rule. Based on the application traffic and the configured bandwidth limit, multipath identifies two or more paths and triggers a copy of the original traffic on all the identified paths.

When traffic reaches on receiving end, the receiving device accepts packets of a session arriving through different links, and maintains sequence of a packet arriving on different CoS queues and drops any duplicate packets.

Note

Ensure that configuration is the same across the devices on both the sending-side and on the receiving-side device is such that devices can to act as both sender and a receiver.

Configuration

Configure Multipath Rules for Application Traffic (Device Configured to Send Traffic)

Step-by-Step Procedure

Configure APBR profiles for different applications traffic and associate SLA rule and multipath rule.

  1. Create routing instances.
  2. Group one or more routing tables to form a RIB group and import routes into the routing tables.
  3. Configure AppQoE as service. You must configure AppQoE as service for host inbound traffic for a desired zone.
  4. Create the APBR profile and define the rules.
  5. Configure active probe parameters.
  6. Configure metrics profile.
  7. Configure underlay interfaces.

    if link-type is not configured under the underlay interfaces option, the default link-type IP is used and default link-speed of 1000 Mbps is considered.

  8. Configure overlay paths.
  9. Configure destination path groups.
  10. Configure multipath rule.
  11. Configure SLA rule.
  12. Associate an SLA rule to multipath rule.

Configure Multipath Rules for Application Traffic (Device Configured to Receive Traffic))

Step-by-Step Procedure

The variables configured in this step are the same for both the sending and receiving device.

  1. Configure multipath rule on the receiving device.

Results

From configuration mode, confirm your configuration by entering the show commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

Hub-side device multipath rule configuration

If you are done configuring the device, enter commit from configuration mode.

Verification

Displaying Multipath Rule Status

Purpose

Display the details of the multipath rule on the device configured to send traffic.

Action

From operational mode, enter the show security advance-policy-based-routing multipath rule command.

user@host>show security advance-policy-based-routing multipath rule multi1

Meaning

The command output displays the multipath rule details.

Display Multipath Rule Statistics for An Application

Purpose

Display the details of the application traffic on the device configured to receive traffic

Action

From operational mode, enter the show security advance-policy-based-routing multipath rule rule-name application application-name command.

user@host> show security advance-policy-based-routing multipath rule multi1 application junos:YAHOO

Meaning

The command output displays the multipath rule for the application.

Displaying Multipath Rule Policies

Purpose

Display the details of the multipath rule on the device configured to send traffic.

Action

From operational mode, enter the show security advance-policy-based-routing multipath rule command.

user@host> show security advance-policy-based-routing multipath policy statistics application junos:YAHOO multipath-name multi1 profile apbr1 rule rule1 zone trust

Meaning

The command output displays the details on the traffic handled with multipath rule applied.

Displaying Multipath Rule Status

Purpose

Display the details of the multipath rule on the device configured to receive traffic

Action

From operational mode, enter the show security advance-policy-based-routing multipath rule command.

user@host> show security advance-policy-based-routing multipath rule multi1

Meaning

Output displays details related to multipath rule.

Release History Table
Release
Description
Starting in Junos OS Release 19.2R1 and Junos OS Release 15.1X49-D170, application-based multipath routing support is available when device is operating in chassis cluster mode.
SRX Series devices support application-based multipath routing starting in Junos OS Release 15.1X49-D160.