Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

sla-rule

Syntax

Syntax (Prior Junos OS Release 21.2R1)

Hierarchy Level

[edit security advance-policy-based-routing]

Description

Configure an SLA rule.

An SLA rule includes all information required to measure the SLA and to identify whether any SLA violation has occurred or not. It contains the complete probe profiles, time interval which the profiles need to be sent, preferred SLA configuration, and so on.

When you configure an APBR rule, you must associate the corresponding SLA rule for the application.

The presence of SLA rule in the APBR configuration triggers the AppQoE functionality; If there are no SLA profiles available, APBR operates without AppQoE.

Options

active-probe-params probe-params-name

Name of the active probe parameter. Associate the active probe parameter with the SLA rule.

affinity

Define link type affinity. For strict affinity, AppQoE ensures that the selected path is always from the preferred tag. For the default affinity (loose), if there is no SLA meeting link in the preferred tag, AppQoE selects a link outside the preferred tag that meets the SLA requirements.

  • Default: loose

    If the link-type affinity is not configured as strict, then an overlay link with the highest SLA score is selected. If there are no links meeting the SLA requirements and belonging to the preferred link type available, then AppQoE selects a link outside of the preferred link type that meets the SLA requirements. However, path selection mechanism continues to check for a preferred link meeting the SLA requirements. Once the preferred link type meeting the SLA requirement is available, then the application traffic is switched back to that link.
link-type-affinity (strict)

(optional) Configure the link-type affinity as strict for the preferred link type. For strict affinity, AppQoE ensures that the path selected is always of the preferred link type. When the default affinity (loose) is configured and if there are no SLA meeting links belonging to the preferred link type available, then AppQoE selects a link outside the preferred link type that meets the SLA requirements.

Following table provides details on AppQoE pat selection mechanism based on affinity type.

Table 1: Enhanced AppQoE Path Selection
Affinity Type SLA Metrics Type Link Selection Preference
If there is a preferred tag If there are multiple preferred tags If there is no preferred tag
Strict With SLA metrics AppQoE selects the links with the preferred tag. AppQoE selects the link with highest path score. If there are multiple links with same path score, then the link selection happens as per the priority. To configure affinity as strict, the user need to configure a preferred tag.
Strict Without SLA metrics AppQoE selects the links with the preferred tag. AppQoE selects the link based on the priority. To configure affinity as strict, the user need to configure a preferred tag.
Loose With SLA metrics AppQoE selects the links with the preferred tag. AppQoE selects the link with highest path score. If there are multiple links with same path score, then the link selection happens as per the priority. AppQoE selects the link outside the preferred tag with best path score.

The link selection switches back to preferred link when a link with a preferred tag is available.

If there are multiple links with same the preferred tag after switchback, AppQoE selects the preferred link with highest path score. If there are multiple links with same path score, then the link selection happens as per the priority.

Loose Without SLA metrics AppQoE selects the links with the preferred tag. AppQoE selects the link based on the priority. AppQoE selects non preferred link with highest priority.

If there are multiple non preferred links with similar priority, then the link selection happens randomly.

Prior to Junos OS Release 21.2R1, during traffic flow, switching from a link with a lower priority value that meets the SLA requirements to a link with a higher priority is not supported when the link with higher priority meets the SLA requirements.

When a currently selected link and the highest priority link are part of a indirect next-hop table (belonging to a different routing instance), the application traffic does not switch to the highest priority link. It switches to the highest priority link only when the SLA manager is triggered. The SLA manager is triggered for the following reasons:

  • When no path for application traffic is selected,
  • SLA is violated partially
  • A non-preferred link is available as best path
  • A non-highest priority link is available as the best path
  • Change in next-hop ID
  • Configuration changes
  • Current best path link is down
  • SLA violation is detected
metrics-profile profile-name

Metric profile name. The SLA rule contains metric profiles that provide the acceptable threshold. If the violation goes beyond the threshold, an alternate path is identified and then traffic is rerouted.

passive-probe-params

Passive probe parameter name. Passive probes are installed on links within the network, and they monitor all the traffic that flows through those links.. This option is not supported for SaaS applications.

preferred-link-type (IP | MPLS | Any)

Select an MPLS or Internet link as the preferred path. If you do not select IP or MPLS, the preferred link type Any is selected when the link-type affinity is configured as loose (default link type affinity). Configuring the link type as Any when the link-type affinity is configured as strict is not supported.

  • Default: Any

preferred-tag

Define a custom tag such as ISP1, ISP2, WAN1, IP, MPLS, and so on as per the requirement. The security device does not support the preferred tag as Any when you configure affinity as strict.

The preferred tag is case sensitive. For example, the security device considers the prefered tag IP and ip as different tags.

  • Default: any

Custom Link Tag

SLA link preference for security device interfaces support custom link tags. If there are multiple links that meet SLA, you can set link preference by configuring the preferred-tag and affinity options at the [edit security advance-policy-based-routing sla-rule sla-rule-name link-preferences] hierarchy level.

Application Traffic Switch to the Higher Priority Link of the Preferred Tags

During the traffic flow, AppQoE allows the application traffic to switch from a lower priority link to a higher priority link that meets SLA requirements.

Non-SLA metrics Based Deployments

We support AppQoE for application-based traffic or non-application based traffic even when the SLA metrics are not available.

Overlay Interface Attribute Preference

In case of conflicting attributes within an overlay or between an overlay and corresponding underlay interfaces, the highest level overlay link attributes take precedence. Link attribute gr interface take precedence over corresponding st interface and st interface takes precedence over ge or xe underlay interfaces.

sla-export-factor value

Set interval to report passive probe report metrics at the application level.

Example: When you configure the sla-export-factor as 5, passive probe results are exported once at the end of the 5th, 10th, and 15th probe interval. You can use a passive probe report to report any data that remains unreported in the probe interval at the end of a session.

With application-level summarization, each probe candidate session must send data to central location where the metrics are aggregated. The data thus aggregated is sent out once the configured SLA export factor is met.

  • Range: 5 through 1000

  • Default: 500

switch-idle-time period

Path switch idle time in seconds. This is the period during which no subsequent switching of application traffic path occurs until the switch idle time expires. This idle time starts when application traffic switches the path.

  • Range: 5 through 300 seconds

type

Define SLA rule type.

saas

Select SLA rule type sa Software as a Service (SaaS).

To perform AppQoE for SaaS application, you must define an SLA rule as SaaS and use policy-based APBR profile. You must specify SaaS destination server URL in address book configuration.

To configure AppQoE for SaaS applications:

  1. Define the SLA rule type as SaaS (set security advance-policy-based-routing sla-rule sla1 type saas ).

  2. Include SaaS server details in the address book (set security address-book global address address-book dns-name saas-server-url ipv4-only).

  3. Attach the SLA rule to the policy-based APBR profile.

violation-count number

Indicates the number of violations that must occur in a sampling-period for a given session before a link is marked as having violated the SLA.

  • Range: 1 through 32 seconds

  • Default: 5

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.2R1.

The options preferred-link-type and link-type-affinity are introduced in Junos OS Release 18.4R1.

The options sla-export-factor and violation-count are moved to [edit security advance-policy-based-routing sla-rule] hierarchy in Junos OS Release 19.2R1.

The options preferred-tag and affinity are introduced in Junos OS Release 21.2R1.