This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Leveraging The Full Power Of Prisma SD-WAN App SLA Assurance

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Leveraging The Full Power Of Prisma SD-WAN App SLA Assurance

BPruitt
L2 Linker

‎04-10-2024 12:06 PM - edited ‎04-10-2024 01:42 PM

No ratings

Introduction

Building upon the strong application identification and performance characterization capabilities of Prisma SD-WAN, App SLA Assurance enables a flexible framework for the both Application and Network SLAs.  By first understanding the application using Palo Alto Networks App-ID technology, Prisma SD-WAN is able to identify thousands of applications out of the box in addition to custom L3/L4 and L7 application definitions.  By combining the application and network performance characterization with the control of the Prisma SD-WAN policy model, network operators are able to deliver an exceptional end-user experience while simplifying day 2 operations.  

 

Real-User Performance Characterization

After an application is identified the performance of each real user session is characterized including:

  • Initialization Success / Failure Rate - TCP 3-way handshake
  • Transaction Success / Failure Rate - TCP Retransmission
  • Application Round Trip Time
  • Application Server Response Time
  • Application Transaction Time
  • Voice MOS
  • Voice / Video Packet Loss
  • Voice / Video Jitter

 

Link Quality Metrics

Additionally there are two "Always On" technologies used to determine point to point transport (IE Link Quality) performance as well as service performance.  For Link Quality the following metrics are measured:

  • Round Trip Latency
  • Packet Loss (Bi-directional)
  • Jitter (Bi-directional)
  • Link MOS (Bi-directional)
  • Bandwidth Consumption (Bi-directional)

Service Probing

The second "Always On" performance characterization method uses defined (default and custom) service probing for multiple protocols including ICMP, DNS, HTTP, HTTPS and measures:

  • HTTP/S Response Time
  • HTTP/S Response Code
  • HTTP/S Response String
  • HTTP/S Response Success / Failure
  • DNS Response Success / Failure
  • DNS Transaction Time
  • ICMP Packet Loss
  • ICMP Round Trip Latency
  • ICMP Round Trip Jitter

The default probes measure:

  • ICMP response to Google G-suite : apps.google.com
  • ICMP response to CloudFlare DNS : 1.1.1.1
  • ICMP response to Microsoft Teams : teams.microsoft.com

 

These probes enable the system to determine the per path performance to a specific service endpoint which is then used to make the most informed path selection decision.  Up to 8 probes can be configured per Circuit and can be sent on any combination of Prisma SD-WAN overlay, Standard VPN overlay, and Underlay. 

 

Path Selection

The various real time metrics are each fed back into path selection and used to protect existing application sessions by moving active traffic around issues as well as placing new application sessions onto the best performing path.  The path selection intent is specified in path policy rules.  

 

Quality-Based Control

The definition of application and network SLAs is controlled via the Prisma SD-WAN Performance Policy.  In Performance Policy desired actions are first selected.  These include:

  • Generate Incident - If the SLA parameters are violated an incident will be created.
  • Move Flows - Move new and existing flows away from paths that do not meet the SLA.
  • Forward Error Correction - If a SLA compliant path is not available then invoke adaptive FEC to correct packet loss.  
  • Packet Duplication - Duplicate the packets of a flow on up to 3 paths.  
  • Visibility - Link Quality SLAs configured will be reflected on the Link Quality time series charts.  

Furthermore, detailed match criteria enable flexible tuning of the SLA parameters:

  • Application IDs - One or more App-IDs
  • Application Transfer Types
  • Circuit Categories
  • Path Types
  • Service & DC Groups
  • SLA Type - Application, Network, Probe

 

Summary

Prisma SD-WAN Application SLA assurance provides out of the box protection and can be tuned to most nuanced needs of any enterprise, thus enabling the delivery of an exceptional end user application experience while simplifying day 2 operations.  

 

For step by step guides on how to configure App SLA rules please review the Prisma SD-WAN Admin Guide:

https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/prisma-sd-wan-admin

 

Rate this article:
0 Likes Likes
  • 1863 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎04-10-2024 01:42 PM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks