Product Documentation

Application QoS Rules

Aug 09, 2017

The Application classification feature allows the NetScaler SD-WAN appliance to parse incoming traffic and classify them as belonging to a particular application or application family. This classification allows us to enhance the QoS of individual application or application families by creating and applying application rules.

You can filter traffic flows based on application, application family, or application object match-types and apply application rules to them. The application rules are similar to Internet Protocol (IP) rules. For information on IP rules see, How to Create Rules.

For every application rule, you can specify the mode of transmission. The following are the available transmit modes:

  • Load Balance Path: Application traffic for the flow is balanced across multiple paths. Traffic is sent through the best path until that path is completely used. The remaining packets are sent through the next best path.
  • Persistent Path: Application traffic remains on the same path until the path is no longer available.
  • Duplicate Path: Application traffic is duplicated across multiple paths, increasing reliability.

The application rules are associated to classes. For information on classes, see How to Customize Classes.

By default, the following five pre-defined application rules are available for Citrix ICA applications:

Rule Class Transmit Mode Retransmit Lost Packets Enable Packet Resequencing Discard Late Resequencing Packets

HDX_Priority_0

HDX_priority_tag_0

Load Balance Path

Enabled

Enabled

Enabled

HDX_Priority_1

HDX_priority_tag_1

Load Balance Path

Enabled

Enabled

Enabled

HDX_Priority_2

HDX_priority_tag_2

Load Balance Path

Enabled

Enabled

Enabled

HDX_Priority_3

HDX_priority_tag_3

Load Balance Path

Enabled

Enabled

Enabled

HDX

interactive_high_class

Load Balance Path

Enabled

Enabled

Enabled

How Application Rules are Applied?

In the SD-WAN network, when the incoming packets reach the SD-WAN appliance, the initial few packets do not undergo DPI classification. At this point, the IP rule attributes such as Class, TCP termination and so on are applied to the packets. After DPI classification, the application rule attributes such as Class, transmit mode and so on override the IP rule attributes.

The IP rules have more number of attributes as compared to the application rules. The application rule overrides only a few IP rule attributes, the rest of the IP rule attributes remain processed on the packets.

For example, consider you have specified an application rule for a webmail application such as Google Mail that uses the SMTP protocol. The IP rule set for SMTP protocol is applied initially before DPI classification. After parsing the packets and classifying it as belonging to Google Mail application, the application rule specified for the Google Mail application is applied.

Creating Application Rules

To create application rules:

In the Configuration Editor, navigate to Global > Default Set > Virtual Path Default Set> New_Virtual_Path_Default_Sets > Application QoS and click the plus (+) icon to add a custom application rule.

localized image

In the Order field, type the order value to define when the rule is applied in relation to other rules.

In the Match Type field, choose one of the following match types:

  • Application – If this match type is selected, specify the application that is used as a match criteria for this filter.
  • Application Family – If this match type is selected, select an application family that is used as a match criteria for this filter.
  • Application Object – If this match type is selected, select an application family that is used as a match criteria for this filter.
For more information on application, application family and application object, see Application Classification.

Specify the following application rule matching criteria to filter the application traffic. After the filtering, the rule settings are applied to the services matching these criteria.

  • Source IP Address: Source IP address and the subnet mask to match against the traffic.
  • Destination IP Address: Destination IP address and the subnet mask to match against the traffic.
  • Source Port: Source port number or port range to match against the traffic. 
  • Destination Port: Destination port number or port range to match against the traffic.

Note

Choose Src = Dest, if the source and destination internet protocol address are the same.

localized image

Configure the following general WAN settings:

  • In the Transmit Mode field, choose one of the following transmit modes:
            -  Load Balance Path: Application traffic for the flow is balanced across multiple paths. Traffic is sent through the best path until that path is completely used. The remaining packets are sent through the next best path.
            -  Persistent Path: Application traffic remains on the same path until the path is no longer available.
                In the Persistent Impedance field, specify the minimum time in milliseconds for which the traffic would remain in the same path, until wait time on the path is longer than the configured value.
            -  Duplicate Path: Application traffic is duplicated across multiple paths, increasing reliability.
  • Check Retransmit Lost Packets to send traffic that matches this rule to the remote appliance over a reliable service and retransmit lost packets.
 

Configure the LAN to WAN settings:

  • Class: Select a class with which to associate this rule.
               You can also customize classes before applying rules, for more information, see How to Customize Classes.
  • Drop Limit: Length of time after which packets waiting in the class scheduler are dropped. Not applicable for a bulk class.
  • Drop Depth: Queue depth threshold after which packets are dropped.
  • Enable RED: Random Early Detection (RED) ensures fair sharing of class resources by discarding packets when congestion occurs.
  • Disable Limit: Time for which duplication can be disabled to prevent duplicate packets from consuming bandwidth.
  • Disable Depth: The queue depth of the class scheduler, at which point the duplicate packets will not be generated.

Configure the following WAN to LAN behavior for this rule:

  • Enable Packets Resequencing: Sequences the packets in the correct order at the destination.
  • Resequence Hold Time: Time interval for which the packets are held for resequencing, after which the packets are sent to the LAN.
  • Discard Late Resequencing Packets: Discard out-of-order packets that arrived after the packets needed for resequencing have been sent to the LAN.

Click Apply.

To confirm if application rules are applied to traffic flow, navigate to Monitoring > Flows.

Make a note of the app rule id and check if the class type and transmission mode are as per your rule configuration.

localized image

You can monitor the application QoS such as no of packets / bytes uploaded, downloaded, or dropped at each site by navigating to Monitoring > Statistics > Application QoS.

 The Num parameter indicates the app rule id. Check for the app rule id obtained from the flow.

localized image