Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Application Quality of Experience Overview

Contrail Service Orchestration (CSO) supports Application Quality of Experience (AppQoE) that enables you to effectively prioritize, segregate, and route business-critical application traffic without compromising performance or availability.

AppQoE utilizes the capabilities of two application security services:

  • Application identification (AppID) to identify specific applications in your network.

  • Advanced policy-based routing (APBR) to specify a path for the application traffic.

AppQoE-enabled devices perform service- level agreement (SLA) measurements across the available WAN links, and then dynamically map the application traffic to the path that best serves the application’s SLA requirement.


AppQoE is applicable only for SD-WAN sites.

AppQoE is supported on the following devices in both hub-and-spoke and full mesh topologies:

  • vSRX Virtual Firewall instances

  • SRX300 series

  • SRX550M

  • SRX1500

  • SRX4100

  • SRX4200

You can configure an AppQoE between two SRX Series Firewall endpoints (book-ended) when both the devices run the same version of Junos OS.

CSO pushes the SLA parameters, path selection parameters and related configuration to the device and the device monitors the links for SLA violation. If there is a violation, the device switches the link and generates APPQOE_(APP)_SLA_METRIC_VIOLATION and APPQOE_BEST_PATH_SELECTED system log messages. The device also aggregates and averages the SLA metrics, and generates periodic APPQOE_APP_PASSIVE_SLA_METRIC_REPORT system log messages.

AppQoE measures the application performance across multiple links by collecting real-time data by continuously the monitoring application traffic and identifying any network or device issues by sending active and passive probes. To monitor the SLA compliance of the link on which the application traffic is sent, the Customer Premises Equipment (CPE) device sends inline probes (called passive probes) along with the application traffic. Additionally, to identify the best available link for an application if the active link fails to meet the SLA criteria, the CPE constantly monitors and collects the SLA compliance data for the other available links by sending probes (called active probes) over the links. The active probes are sent based on the probe parameters that you configure in the application traffic type profile.

The CPE device switches links at the application level, which means that only the traffic corresponding to the application that reported the SLA violation is moved to a link that meets the specified SLA. Traffic for the remaining applications remain on the same link until those applications report an SLA violation.

You can configure traffic type profiles to specify the class of service (CoS) and probe parameters for each traffic type. When you add a steering profile (SLA-based or path-based), you specify the SLA parameters and SLA sampling criteria, and link the steering profile with a traffic type profile. The steering profile is then linked to an SD-WAN policy intent and the SD-WAN policy is deployed to enable AppQoE.

From the Application SLA Performance (Monitor > Application SLA Performance) page, you can view the application-level SLA performance information and whether AppQoE is enabled. You can also view applications-level SLA performance details such as packet loss, round-trip time (RTT), jitter metric, throughput, latency metric, and the number of probes.

For more information on the AppQoE workflow, see Configure and Monitor Application Quality of Experience.

Benefits of Application Quality of Experience

  • Enables cost-effective QoE by real-time monitoring of application traffic, which provides a consistent and predictable level of service.

  • Improves the user experience at the application level by ensuring that the application data is sent over the most SLA-compliant link.