Create a Path Quality Profile

Create a path quality profile to control when the firewall replaces a deteriorating path with a new path for packets matching the SD-WAN policy rule.
Create a Path Quality profile for each set of business-critical and latency-sensitive applications, application filters, application groups, services, service objects and service group objects that has unique network quality (health) requirements based on latency, jitter, and packet loss percentage. Applications and services can share a Path Quality profile. Specify the maximum threshold for each parameter, above which the firewall considers the path deteriorated enough to select a better path.
As an alternative to creating a Path Quality profile, you can use any of the predefined Path Quality profiles, such as
general-business
,
voip-video
,
file-sharing
,
audio-streaming
,
photo-video
, and
remote-access
, and more. The predefined profiles are set up to optimize the latency, jitter, and packet loss thresholds for the type of applications and services suggested by the name of the profile.
The predefined Path Quality profiles for a Panorama device group are based on the default
Probe Frequency
settings in the SD-WAN Interface profile for a Panorama template. If you change the default Probe Frequency setting, you must adjust the
Packet Loss
percentage threshold in the Path Quality profile for the firewalls in a Device Group that are affected by the Panorama template where you changed the Interface profile.
The firewall treats the latency, jitter, and packet loss thresholds as OR conditions, meaning if any one of the thresholds is exceeded, the firewall selects the new best (preferred) path. Any path that has latency, jitter, and packet loss less than or equal to all three thresholds is considered qualified and the firewall selected the path based on the associated Traffic Distribution profile.
By default, the firewall measures
latency
and
jitter
every 200ms and takes an average of the last three measurements to measure path quality in a sliding window. You can modify this behavior by selecting aggressive or relaxed path monitoring when you Configure an SD-WAN Interface Profile.
If a path fails over because it exceeded the configured
packet loss
threshold, the firewall still sends probing packets on the failed path and calculates its packet loss percentage as the path recovers. It can take approximately three minutes for the packet loss percentage on a recovered path to fall below the packet loss threshold configured in the Path Quality profile. For example, suppose an SD-WAN policy rule for an application has a Path Quality profile that specifies a packet loss threshold of 1% and a Traffic Distribution profile that specifies Top Down distribution with tag 1 (applied to tunnel.1) first on the list and tag 2 (applied to tunnel.2) next on the list. When tunnel.1 exceeds 1% packet loss, the data packets fail over to tunnel.2. After tunnel.1 recovers to 0% packet loss (based on probing packets), it can take up to three minutes for the monitored packet loss rate for tunnel.1 to drop below 1%, at which time the firewall then selects tunnel.1 as the best path again.
The sensitivity setting indicates which parameter (latency, jitter, or packet loss) is more important (preferred) for the applications to which the profile applies. When the firewall evaluates link quality, it considers a parameter with a
high
setting first. For example, when the firewall compares two links, suppose one link has 100ms latency and 20ms jitter; the other link has 300ms latency and 10 ms jitter. If the sensitivity for latency is high, the firewall chooses the first link. If the sensitivity for jitter is high, the firewall chooses the second link. If the parameters have the same sensitivity (by default the parameters are set to
medium
), the firewall evaluates packet loss first, then latency, and jitter last.
As the SD-WAN Traffic Distribution Profiles concept states, the new path selection occurs in less than one second if you leave Path Monitoring and Probe Frequency with default settings; otherwise, new path selection could take more than one second. To achieve subsecond failover based on packet loss, you must set the latency sensitivity to
high
and the latency threshold to no more than 250ms.
Reference the Path Quality profile in an SD-WAN policy rule to control the threshold at which the firewall replaces a deteriorating path with a new path for matching application packets.
  1. Select a
    Device Group
    .
  2. Select
    Objects
    SD-WAN Link Management
    Path Quality Profile
    .
  3. Add
    a Path Quality profile by
    Name
    using a maximum of 31 alphanumeric characters.
  4. For
    Latency
    , double-click the
    Threshold
    value and enter the number of milliseconds allowed for a packet to leave the firewall, arrive at the opposite end of the SD-WAN tunnel, and a response packet to return to the firewall before the threshold is exceeded (range is 10 to 2,000; default is 100).
  5. For
    Latency
    , select the
    Sensitivity
    (
    low
    ,
    medium
    , or
    high
    ). Default is
    medium
    .
    Click the arrow at the end of the Threshold column to sort thresholds in ascending or descending numerical order.
  6. For
    Jitter
    , double-click the
    Threshold
    value and enter the number of milliseconds (range is 10 to 1,000; default is 100).
  7. For
    Jitter
    , select the
    Sensitivity
    (
    low
    ,
    medium
    , or
    high
    ). Default is
    medium
    .
  8. For
    Packet Loss
    , double-click the
    Threshold
    value and enter the percentage of packets lost on the link before the threshold is exceeded (range is 1 to 100.0; default is 1).
    Setting the
    Sensitivity
    for
    Packet Loss
    has no effect, so leave the default setting.
    If you change the
    Probe Frequency
    in an SD-WAN Interface profile for a Panorama template, you should also adjust the Packet Loss threshold for a Panorama device group.
  9. Click
    OK
    .
  10. Commit
    and
    Commit and Push
    your configuration changes.
  11. Commit
    your changes.
  12. Repeat this task for every Device Group.

Recommended For You