Create a Path Quality Profile
Table of Contents
Expand all | Collapse all
-
- Create a Link Tag
- Configure an SD-WAN Interface Profile
- Configure a Physical Ethernet Interface for SD-WAN
- Configure an Aggregate Ethernet Interface and Subinterfaces for SD-WAN
- Configure Layer 3 Subinterfaces for SD-WAN
- Configure a Virtual SD-WAN Interface
- Create a Default Route to the SD-WAN Interface
-
- Create a Path Quality Profile
-
- Create a SaaS Quality Profile
- Use Case: Configure SaaS Monitoring for a Branch Firewall
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to the Same SaaS Application Destination
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to a Different SaaS Application Destination
- SD-WAN Traffic Distribution Profiles
- Create a Traffic Distribution Profile
- Create an Error Correction Profile
- Configure an SD-WAN Policy Rule
- Allow Direct Internet Access Traffic Failover to MPLS Link
- Configure DIA AnyPath
- Distribute Unmatched Sessions
- Configure Multiple Virtual Routers on SD-WAN Hub
- Configure HA Devices for SD-WAN
- Create a VPN Cluster
- Create a Full Mesh VPN Cluster with DDNS Service
- Create a Static Route for SD-WAN
Create a Path Quality Profile
Create a path quality profile to control when the firewall
replaces a deteriorating path with a new path for packets matching
the SD-WAN policy rule.
Create a Path Quality profile for each set
of business-critical and latency-sensitive applications, application
filters, application groups, services, service objects and service
group objects that has unique network quality (health) requirements
based on latency, jitter, and packet loss percentage. Applications
and services can share a Path Quality profile. Specify the maximum
threshold for each parameter, above which the firewall considers
the path deteriorated enough to select a better path.
As an
alternative to creating a Path Quality profile, you can use any
of the predefined Path Quality profiles, such as general-business, voip-video, file-sharing, audio-streaming, photo-video,
and remote-access, and more. The predefined
profiles are set up to optimize the latency, jitter, and packet
loss thresholds for the type of applications and services suggested
by the name of the profile.
The predefined
Path Quality profiles for a Panorama device group are based on the
default Probe Frequency settings in the SD-WAN
Interface profile for a Panorama template. If you change the default
Probe Frequency setting, you must adjust the Packet Loss percentage
threshold in the Path Quality profile for the firewalls in a Device
Group that are affected by the Panorama template where you changed
the Interface profile.
The firewall treats the latency,
jitter, and packet loss thresholds as OR conditions, meaning if
any one of the thresholds is exceeded, the firewall selects the
new best (preferred) path. Any path that has latency, jitter, and
packet loss less than or equal to all three thresholds is considered
qualified and the firewall selected the path based on the associated
Traffic Distribution profile.
By default, the firewall measures latency and jitter every
200ms and takes an average of the last three measurements to measure
path quality in a sliding window. You can modify this behavior by
selecting aggressive or relaxed path monitoring when you Configure an SD-WAN Interface Profile.
If
a path fails over because it exceeded the configured packet
loss threshold, the firewall still sends probing packets on
the failed path and calculates its packet loss percentage as the
path recovers. It can take approximately three minutes for the packet
loss percentage on a recovered path to fall below the packet loss
threshold configured in the Path Quality profile. For example, suppose
an SD-WAN policy rule for an application has a Path Quality profile
that specifies a packet loss threshold of 1% and a Traffic Distribution
profile that specifies Top Down distribution with tag 1 (applied
to tunnel.1) first on the list and tag 2 (applied to tunnel.2) next
on the list. When tunnel.1 exceeds 1% packet loss, the data packets
fail over to tunnel.2. After tunnel.1 recovers to 0% packet loss
(based on probing packets), it can take up to three minutes for
the monitored packet loss rate for tunnel.1 to drop below 1%, at
which time the firewall then selects tunnel.1 as the best path again.
The
sensitivity setting indicates which parameter (latency, jitter,
or packet loss) is more important (preferred) for the applications
to which the profile applies. When the firewall evaluates link quality,
it considers a parameter with a high setting
first. For example, when the firewall compares two links, suppose
one link has 100ms latency and 20ms jitter; the other link has 300ms
latency and 10 ms jitter. If the sensitivity for latency is high,
the firewall chooses the first link. If the sensitivity for jitter
is high, the firewall chooses the second link. If the parameters
have the same sensitivity (by default the parameters are set to medium),
the firewall evaluates packet loss first, then latency, and jitter
last.
As the SD-WAN Traffic Distribution Profiles concept
states, the new path selection occurs in less than one second if
you leave Path Monitoring and
Probe Frequency with default settings; otherwise, new path
selection could take more than one second. To achieve subsecond
failover based on packet loss, you must set the latency sensitivity
to high and the latency threshold to no more
than 250ms.
Reference the Path Quality profile in an SD-WAN policy rule to
control the threshold at which the firewall replaces a deteriorating
path with a new path for matching application packets.
- Log in to the Panorama Web Interface.
- Select a Device Group.
- Select ObjectsSD-WAN Link ManagementPath Quality Profile.
- Add a Path Quality profile by Name using a maximum of 31 alphanumeric characters.
- For Latency, double-click the Threshold value and enter the number of milliseconds allowed for a packet to leave the firewall, arrive at the opposite end of the SD-WAN tunnel, and a response packet to return to the firewall before the threshold is exceeded (range is 10 to 2,000; default is 100).
- For Latency, select the Sensitivity (low, medium,
or high). Default is medium. Click the arrow at the end of the Threshold column to sort thresholds in ascending or descending numerical order.
- For Jitter, double-click the Threshold value and enter the number of milliseconds (range is 10 to 1,000; default is 100).
- For Jitter, select the Sensitivity (low, medium, or high). Default is medium.
- For Packet Loss, double-click
the Threshold value and enter the percentage
of packets lost on the link before the threshold is exceeded (range
is 1 to 100.0; default is 1).Setting the Sensitivity for Packet Loss has no effect, so leave the default setting.If you change the Probe Frequency in an SD-WAN Interface profile for a Panorama template, you should also adjust the Packet Loss threshold for a Panorama device group.
- Click OK.
- Commit and Commit and Push your configuration changes.
- Commit your changes.
- Repeat this task for every Device Group.