Leveraging The Full Power Of Prisma SD-WAN App SLA Assurance

BPruitt — Wed, 10 Apr 2024 20:42:54 GMT

Introduction

Building upon the strong application identification and performance characterization capabilities of Prisma SD-WAN, App SLA Assurance enables a flexible framework for the both Application and Network SLAs. By first understanding the application using Palo Alto Networks App-ID technology, Prisma SD-WAN is able to identify thousands of applications out of the box in addition to custom L3/L4 and L7 application definitions. By combining the application and network performance characterization with the control of the Prisma SD-WAN policy model, network operators are able to deliver an exceptional end-user experience while simplifying day 2 operations.

Real-User Performance Characterization

After an application is identified the performance of each real user session is characterized including:

Initialization Success / Failure Rate - TCP 3-way handshake
Transaction Success / Failure Rate - TCP Retransmission
Application Round Trip Time
Application Server Response Time
Application Transaction Time
Voice MOS
Voice / Video Packet Loss
Voice / Video Jitter

Link Quality Metrics

Additionally there are two "Always On" technologies used to determine point to point transport (IE Link Quality) performance as well as service performance. For Link Quality the following metrics are measured:

Round Trip Latency
Packet Loss (Bi-directional)
Jitter (Bi-directional)
Link MOS (Bi-directional)
Bandwidth Consumption (Bi-directional)

Service Probing

The second "Always On" performance characterization method uses defined (default and custom) service probing for multiple protocols including ICMP, DNS, HTTP, HTTPS and measures:

HTTP/S Response Time
HTTP/S Response Code
HTTP/S Response String
HTTP/S Response Success / Failure
DNS Response Success / Failure
DNS Transaction Time
ICMP Packet Loss
ICMP Round Trip Latency
ICMP Round Trip Jitter

The default probes measure:

ICMP response to Google G-suite : apps.google.com
ICMP response to CloudFlare DNS : 1.1.1.1
ICMP response to Microsoft Teams : teams.microsoft.com

These probes enable the system to determine the per path performance to a specific service endpoint which is then used to make the most informed path selection decision. Up to 8 probes can be configured per Circuit and can be sent on any combination of Prisma SD-WAN overlay, Standard VPN overlay, and Underlay.

Path Selection

The various real time metrics are each fed back into path selection and used to protect existing application sessions by moving active traffic around issues as well as placing new application sessions onto the best performing path. The path selection intent is specified in path policy rules.

Quality-Based Control

The definition of application and network SLAs is controlled via the Prisma SD-WAN Performance Policy. In Performance Policy desired actions are first selected. These include:

Generate Incident - If the SLA parameters are violated an incident will be created.
Move Flows - Move new and existing flows away from paths that do not meet the SLA.
Forward Error Correction - If a SLA compliant path is not available then invoke adaptive FEC to correct packet loss.
Packet Duplication - Duplicate the packets of a flow on up to 3 paths.
Visibility - Link Quality SLAs configured will be reflected on the Link Quality time series charts.

Furthermore, detailed match criteria enable flexible tuning of the SLA parameters:

Application IDs - One or more App-IDs
Application Transfer Types
Circuit Categories
Path Types
Service & DC Groups
SLA Type - Application, Network, Probe

Summary

Prisma SD-WAN Application SLA assurance provides out of the box protection and can be tuned to most nuanced needs of any enterprise, thus enabling the delivery of an exceptional end user application experience while simplifying day 2 operations.

For step by step guides on how to configure App SLA rules please review the Prisma SD-WAN Admin Guide:

https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/prisma-sd-wan-admin

article Leveraging The Full Power Of Prisma SD-WAN App SLA Assurance in Prisma SD-WAN Articles

Leveraging The Full Power Of Prisma SD-WAN App SLA Assurance