SD-WAN Traffic Steering Using Policy Rules

You need to create an SD-WAN policy to shape the traffic that egresses the SD-WAN firewall.

You may want to create different SD-WAN policy rules depending on the traffic types and link types that you have. Each SD-WAN policy has a traffic distribution policy (TDP) and path qualify profile (PQP) attached to it. PQP contains thresholds for latency, jitter, and packet loss. When one of the thresholds is exceeded, the firewall selects a new path for the applications based on the link tags added under the traffic distribution policy. As a best practice, leveraging the predefined PQP can help you get started quickly without having to figure out the correct latency, jitter, and packet loss thresholds for each application you need to manage.

Palo Alto Networks has created the SD-WAN predefined path quality profiles by testing multiple applications from each application category in a controlled environment. The latency, jitter, and packet loss conditions were adjusted independently to see where the application’s user experience dropped below acceptable levels and the results were compiled with other applications from the same category to determine an acceptable starting point. If needed, you can tune the values provided by the predefined PQPs as you gain more experience on how the application responds to the threshold values, and path failover can be accelerated or postponed to achieve the desired user experience. As a best practice, make a copy of the predefined profile and adjust the latency, jitter, and packet loss values as needed. In general, raising the values delays SD-WAN path failover and lowering them accelerates path failover.