Thursday, January 2, 2025

Configuring AAR (Application Aware Routing) Policy in Cisco SD-WAN

Following are the diagram and the example requirement.

Telnet traffic originating from Site-1 should use the MPLS transport with the following SLA, and if the SLA is not met, the router should use the Biz-Internet transport instead.

SLA for Telnet
    Loss = 5%
    Latency = 200 ms
    Jitter = 100 ms

Currently both transports are used in a load-balanced manner for any traffic between the sites.
(The following image was taken from a traffic simulation in vManage.)

Since AAR is a Traffic Policy under Centralized Policies, the steps to configure it are as follows.

1. Create Groups of Interest (objects needed to configure a policy)
2. Configure Topology and VPN Membership (Topology Policy / Control Policy component)
3. Configure Traffic Rules (Traffic Policy / Data Policy component)
4. Apply Policies to Sites and VPNs

Step 2 is not required here, as no Topology / Control Policy is needed for this requirement.

1. Creating Groups of Interest / Lists

We have to create the Site, VPN and SLA Class as Groups of Interest; they will be referenced in later steps while configuring the policy.

Go to Configuration > Policies > Centralized Policies and click Add Policy.

Click on Site in the left-side menu to create Sites.
I am creating Colombo as Site 1.

Now create a VPN list for the Service VPN.

Now create the SLA Class.

Hit Next, which takes you to Step 2, Configure Topology and VPN Membership.

You can skip this part as it is not required; hitting Next again leads to the Configure Traffic Rules page.

3. Configure Traffic Rules

There you will see 3 tabs: Application Aware Routing, Traffic Data and Cflowd.
In this example only the first tab is required.

Hit Add Policy to create a new one.

Name the policy and hit + Sequence Type; a new item named App Route will be added to the left-side menu just above the Default Action.

Click on + Sequence Rule.

This is where you will create the Match conditions and Actions.

Click on Protocol under Match and enter 6 for TCP.
Click on Destination Port and enter 23 for Telnet.

Now click on SLA Class List under Actions, select the SLA-TELNET class created earlier, select MPLS as the preferred color and select Strict/Drop.

Then click on Save Match and Actions.

Add another Sequence Rule for Web in the same way as above.

Make sure to check that the Default Action is set to None and Enabled.

Now click Save Application Aware Routing Policy.
Then hit Next to go to the Apply Policies to Sites and VPNs page.

4. Apply Policies to Sites and VPNs

On this page you will see the place to name the Centralized Policy, and there will be 4 tabs again.
Click on the 2nd tab, which is for Application-Aware Routing.

Click on + New Site/Region List and VPN List, select the Site list and VPN list created previously and hit Add.

Now you can click Save Policy once and for all.

Then you will be redirected to the Centralized Policy page where you began; there you can click the 3 dots at the end of the policy and click Activate.

It will be pushed to vSmart, and vSmart will push it to the WAN Edges in the applied sites.

AAR with DPI (Deep Packet Inspection)

This is not really the deep packet inspection we see in firewalls and similar security devices; here it means identifying and handling traffic based on application-layer information, for example Google apps like android-updates or Microsoft apps like ms-office-365, which may use many transport-layer ports dynamically. Telnet is also among these applications, so you can actually meet the above requirement using this method as well.

If you go this way, you need to create another Group of Interest named Application List.

Then add that Application List to the Match condition in Traffic Rules, and that's it.

Verification

If the policy is based on Layer 4 information only (TCP port number), make sure to use Advanced Options and enter Protocol Number 6 for TCP together with the port number.

The Application drop-down is for policies with DPI (Deep Packet Inspection), which leverages the information gathered through NBAR, I guess.

Note that if you are simulating this in EVE-NG / PNET Lab, I think the simulation may not measure packet loss, jitter and delay as well as a real environment does.

If it is acting weirdly and not giving the intended output, maybe it's just a cosmetic issue in your simulation environment or images.

You can see the current SLA values with the following commands.

show app-route stats on vEdges and show sdwan app-route stats on cEdges
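As an added example that is not part of the original post, the following Python script checks per-tunnel statistics of the kind these commands report against the SLA class configured above and picks the transport the way the Telnet sequence rule does: MPLS while it meets the SLA, otherwise Biz-Internet, and a drop under Strict/Drop when no tunnel complies. The sample lines are constructed and only loosely resemble the real output, so the field names and the regex are assumptions.

```python
import re

# SLA class from this post: loss 5 %, latency 200 ms, jitter 100 ms.
SLA_TELNET = {"loss": 5.0, "latency": 200.0, "jitter": 100.0}
# Constructed sample, not real device output; one block per tunnel, with field
# names loosely following the mean-* fields of "show sdwan app-route stats".
SAMPLE_STATS = """\
app-route statistics 10.1.1.1 10.2.2.2 ipsec 12346 12346
 local-color       mpls
 mean-loss         7
 mean-latency      250
 mean-jitter       30
app-route statistics 10.1.2.1 10.2.2.2 ipsec 12346 12346
 local-color       biz-internet
 mean-loss         0
 mean-latency      40
 mean-jitter       5
"""
FIELD_RE = re.compile(r"^\s+(local-color|mean-loss|mean-latency|mean-jitter)\s+(\S+)$")

def parse_stats(text):
    """Return {local-color: {"loss": .., "latency": .., "jitter": ..}} per tunnel."""
    tunnels, current = {}, None
    for line in text.splitlines():
        if line.startswith("app-route statistics"):
            current = {}  # a new tunnel block starts here
            continue
        m = FIELD_RE.match(line)
        if m is None or current is None:
            continue
        key, value = m.groups()
        if key == "local-color":
            tunnels[value] = current  # index the block by its local color
        else:
            current[key[len("mean-"):]] = float(value)
    return tunnels

def meets_sla(stats, sla):
    """A tunnel meets the class only when every measured value is within its limit."""
    return all(stats.get(k, float("inf")) <= limit for k, limit in sla.items())

def select_transport(tunnels, sla, preferred="mpls", strict=True):
    """Mimic the sequence rule: preferred color while it meets the SLA, else any other
    compliant color, else None (drop) under Strict/Drop; non-strict fallback simplified."""
    if preferred in tunnels and meets_sla(tunnels[preferred], sla):
        return preferred
    for color, stats in tunnels.items():
        if color != preferred and meets_sla(stats, sla):
            return color
    return None if strict else preferred
```

With the constructed sample, MPLS violates both the loss and latency limits, so the Telnet flow would be steered to biz-internet; paste your own show output into SAMPLE_STATS after adjusting FIELD_RE to the fields your platform prints.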

cEdges will show output similar to the following.

If you are using PNET Lab (I haven't tested this in EVE-NG), there is an option to change the link quality in the GUI. It really works, but it didn't work 100% for me in my SD-WAN labs. I believe that's because of an issue in the images I tested with, but as you can see from the following captures, it changed the ping latency.
