Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

SLA Profiles and SD-WAN Policies Overview

Contrail Service Orchestration (CSO) enables you to add traffic-based steering profiles and map them to software-defined WAN (SD-WAN) policies for traffic management.

Traffic-Based Steering Profiles

Traffic-based steering profiles are created for applications or groups of applications for all tenants. Traffic-based steering profiles are categorized as follows:

  • SLA-Based Steering Profiles—An SLA-based steering profile consists of a set of configurable constraints such as SLA configuration, SLA threshold, SLA parameters, path selection criteria, Class of Service, and upstream and downstream data rates.

    Note:

    The Secure SD-WAN Essentials service does not support SLA-based steering profiles.

  • Path-Based Steering Profiles—A path-based steering profile consists of a set of configurable constraints such as path preference, traffic type profiles, and upstream and downstream data rates.

  • Breakout Profiles—A breakout profile consists of set of configurable constraints such as type of breakout, traffic type profiles, path preference, and upstream and downstream data rates. A cloud breakout profile is added by Contrail Service Orchestration (CSO) by default.

Table 1, Table 2 and Table 3 lists the categories of configurable constraints that are defined in an SLA-based profile, path-based profile and breakout profiles.

Table 1: SLA-Based Profile Categories

Category

Description

SLA profile parameters

You can define one or more than one of the following SLA profile parameters:

  • SLA Configuration—Whether to use recommended or custom values for the SLA threshold and SLA parameters.

  • SLA Threshold—Whether to use, liberal, baseline, or conservative settings for the threshold.

  • SLA parameters:

    • Packet loss—Percentage of data packets dropped by the network to manage congestion.

    • RTT—Target round-trip time (RTT) for the SLA profile.

    • Jitter—Difference between the maximum and minimum round-trip times (in ms) of a packet of data.

Path preference and failover

Paths are the WAN links to be used for the SLA profile. You can select MPLS, Internet, or any link as the preferred path. MPLS is more latency-sensitive than Internet.

You can trigger the path failover criteria when any of the SLA parameters is violated, or when all the SLA parameters are violated.

Class of service

Class of service (CoS) provides different levels of service assurances to various forms of traffic. CoS enables you to divide traffic into classes and offer an assured service level for each class. The classes of service listed in increasing order of priority and sensitivity to latency are best effort, voice, interactive video, streaming audio or video, control, and business essential. The default CoS is voice.

Rate limiters

Rate limiters are defined for traffic shaping and efficient bandwidth utilization. You can define the following rate limiters:

  • Maximum upstream and downstream rates—The maximum upstream and downstream rate for all applications associated with the SLA profile.

  • Maximum upstream and downstream burst sizes—The maximum size of a steady stream of traffic sent at average rates that exceed the upstream and downstream rate limits for short periods.

Table 2: Path-Based Profile Categories

Category

Description

Path preference

Paths are the WAN links to be used for the SLA profile. You can select an MPLS or Internet link as the preferred path. MPLS is more latency-sensitive than Internet.

Class of service

Class of service (CoS) provides different levels of service assurances to various forms of traffic. CoS enables you to divide traffic into classes and offer an assured service level for each class. The classes of service listed in increasing order of priority and sensitivity to latency are best effort, voice, interactive video, streaming audio or video, control, and business essential. The default CoS is voice.

Rate limiters

Rate limiters are defined for traffic shaping and efficient bandwidth utilization. You can define the following rate limiters:

  • Maximum upstream and downstream rates—The maximum upstream and downstream rate for all applications associated with the SLA profile.

  • Maximum upstream and downstream burst sizes—The maximum size of a steady stream of traffic sent at average rates that exceed the upstream and downstream rate limits for short periods.

Table 3: Breakout Profile Categories

Category

Description

Type

The type of breakout profile that you want to add:

  • Local Breakout (Underlay)—Select this option if you want traffic to break out locally (on the underlay) from the site.

  • Backhaul—Select this option if you want traffic to break out through a hub or a enterprise hub (if configured).

  • Local Breakout (Cloud)—Select to break out traffic through a cloud-based security platform. Currently, Zscaler is the only cloud-based security platform supported.

Traffic Type Profile

The traffic type profile to apply class of service parameters to the breakout traffic. You can select only a traffic type profile that is enabled.

Preferred Path

The preferred path (MPLS, Internet, or Any) to be used for breaking out the traffic.

If a WAN link type that matches the preferred path is enabled for breakout, then that WAN link type is used for breakout traffic.

If you specify that any path can be used, then there is no preference and all breakout-enabled links are used in a load-balancing mode.

Rate Limiting

Rate limiting of breakout traffic for cacheable applications. By default, rate limiting is disabled.

If you enable rate limiting, you must specify the upstream and downstream parameters, and the loss priority.

Upstream Rate

The maximum upstream rate (in Kbps) for all cacheable applications associated with the breakout profile.

Upstream Burst Size

The maximum size (in bytes) of a steady stream of traffic sent at average rates that exceed the upstream rate limit for short periods.

Downstream Rate

The maximum downstream rate (in Kbps) for all cacheable applications associated with the breakout profile.

Downstream Burst Size

The maximum size (in bytes) of a steady stream of traffic sent at average rates that exceed the downstream rate limit for short periods.

Loss Priority

Loss priority based on which packets are dropped or retained when network congestion occurs. Packet drops are most likely when the loss priority is High and least likely when the loss priority is Low.

SD-WAN Policies

SD-WAN policy intents help in optimum utilization of the WAN links and efficient load distribution of traffic. SD-WAN policy intents are applied to source endpoints (such as sites and departments) and destination endpoints (applications or application groups) and can be defined for site-to-site traffic (by using SLA profiles) or for breakout traffic (by using breakout profiles).

Policy intents consist of the following parameters:

  • Source—A source endpoint that you can choose from a list of sites, site groups, and departments or a combination of all of these. The SD-WAN policy intent is applied to the selected source endpoint.

  • Destination—A destination endpoint that you can choose from a list of applications and predefined or custom application groups. You can select a maximum of 32 applications or application groups as destination endpoints. The SD-WAN policy intent is applied to the selected destination endpoint.

    Applications are classified into the following categories:

    • Cacheable applications, which refer to applications or application groups that are stored in the application cache when they are recognized by the device. After they are stored in the application cache, subsequent sessions are routed directly through the correct WAN link.

    • Non-cacheable applications, which refer to applications or application groups that are not stored in the application cache and all sessions are first routed through the default path, and then routed to the correct WAN link based on the SD-WAN policy.

  • Traffic Steering Profile—Depending on whether you want to apply the policy intent to site-to-site traffic or breakout traffic, you can associate the traffic steering profile with the policy intent. The following options are available:

    • SLA-based steering profile— Applicable for site-to-site traffic (Not applicable to the Secure SD-WAN Essentials service.)

    • Path-based steering profile— Applicable for site-to-site traffic

    • Breakout profile—Applicable for breakout traffic (local, central, or cloud).

  • Intent name—A unique name for the SD-WAN policy intent.

SD-WAN supports advanced policy-based routing (APBR). APBR enables you to dynamically define the routing behavior of the SD-WAN network based on applications. Dynamic application-based routing makes it possible to define policies and to switch WAN links on the fly based on the application's defined SLA parameters. The APBR mechanism classifies sessions based on applications and application signatures and uses policy intents to identify the best possible route for the application. When the best possible route does not meet the application's defined SLA requirements, the SD-WAN network finds the next best possible route to meet SLA requirements.

For example, consider an application in a site. If you want the application group to use custom throughput, latency, or jitter, you can create an SLA profile with these custom values. You can then create an intent and configure the intent with the application and apply the custom SLA profile. When the intent is deployed, CSO determines the best suited WAN link to route traffic based in the application. If the WAN link fails to meet SLA requirements in runtime, the SD-WAN network switches WAN links to the next best suited path.

On the basis of the configured traffic-based steering profile constraints, you can categorize SD-WAN policies into three types:

  • Path-based steering policy—If only the path preference is defined and none of the SLA parameters are defined in the SLA profile, then the policy is called a path-based steering policy. In path-based steering profile, you can define the path (MPLS or Internet) that must be used for a given traffic type profile, You cannot configure SLA parameters or path failover criteria for a path-based steering profile. The traffic type profile must be in enabled state in order to be used in any profile.

  • SLA-based steering policy—If one or more SLA parameters in the SLA profile are defined, then the policy is called an SLA-based steering policy. In an SLA-based steering profile, each profile is associated with a traffic type profile and tracks the SLA parameters such as packet loss, Jitter and RTT. The traffic type profile must be in enabled state in order to be used in any profile. Based on your requirements, you can choose the recommended SLA threshold or enter custom SLA threshold for the traffic type profile. You can even set the path preference (Any, MPLS, or Internet) to switch traffic from one WAN interface to another based on the path failover criteria.

    When an intent is deployed on a site, if the WAN link chosen by the SD-WAN network does not meet the SLA requirements and the network performance deteriorates, then the site switches WAN links to meet the SLA requirements. The link switching is recorded as an SD-WAN event and displayed in the SD-WAN Events page in the customer portal and the Tenant_name SLA Performance pages in the administration and customer portals.

  • Breakout policy—If local breakout, central breakout, or cloud breakout parameters are defined, then the policy is called a breakout policy.