An administrator can define application and traffic policies. These policies help to enable traffic steering, Quality of Service (QoS), and filtering capabilities for applications. Specify whether a defined rule can be applied globally across all the sites in the network or on certain specific sites.
Policies are defined in the form of multiple rules which get applied in the user-defined order.
Create new rule
An administrator needs to place the defined rule based on the priority. The priorities such as Top of the List, Bottom of the List, or in between two existing entries.
It is recommended to have more specific rules for applications or sub applications at the top, followed by less specific rules for the ones representing broader traffic.
For example, you can create specific rules for both Facebook Messenger (sub application) and Facebook (application). Put a Facebook Messenger rule on top of the Facebook rule so that the Facebook Messenger rule gets selected. If the order is reversed, Facebook Messenger being a subapplication of the Facebook application, the Facebook Messenger rule would not get select. It is important to get the order right.
Select traffic for a defined rule such as:
- An application
- Custom defined application
- Group of applications or IP protocol based rule
Specify whether a defined rule can be applied globally across all the sites in the network or on certain specific sites.
Specify how the traffic needs to be steered.
+ New Custom App: Select a match criteria from the list. The administrator can add new custom application by giving a name to:
- Custom application
- protocol (such as TCP, UDP, ICMP)
- Network IP/Prefix
- DSCP tag
You can also create a domain name based custom application.
Click Verify Config to validate any audit error.
You can create global and site-specific IP rules at the network level by navigating to Configuration > QoS > QoS Policies.
IP Protocol Match Criteria
- Add/Remove Sites: (available only while creating site-specific IP rule) Select the sites, click Review, and Done.
- Source Network: The source IP address and subnet mask that the rule matches.
- Destination Network: The destination IP address and subnet mask that the rule matches.
- Use IP Group: Select the Use IP Group check box to choose any existing IP group from the drop-down list.
- Src = Dst: If selected, the source IP address is also used for the destination IP address.
- Source Port: The source port (or source port range) that the rule matches.
- Destination Port: The destination port (or destination port range) that the rule matches.
- Src = Dst: If selected, the source port is also used for the destination port.
- Protocol: The protocol with which the rule matches. You can select one of the predefined protocols, or select Any, or Number.
- Protocol Number: This field appears only when you select Number from the Protocol drop-down list. When you select a protocol number, the integer associated with the protocol is used for the back-end configurations.
- DSCP: The DSCP tag in the IP header that the rule matches.
- Routing Domain: The routing domain that the rule matches.
- VLAN ID: Enter the VLAN ID for the rule. The VLAN ID identifies the traffic to and from the virtual interface. Use VLAN ID as 0 to designate native or untagged traffic.
- Rebind Flow On Change: When selected, flows that are otherwise identical in terms of match criteria are treated as separate if their DSCP fields differ.
- Virtual Path Remote Site: Select the virtual path for the remote site.
Traffic Policy: Choose one of the following traffic policies as needed.
- Load Balance Paths: Application traffic for the flow is balanced across multiple paths. Traffic is sent through the best path until that path is used. The remaining packets are sent through the next best path.
Persistent Path: Application traffic remains on the same path until the path is no longer available. Select one of the following Persistence Policies:
- Persist on the originating link: The application traffic remains on the originating link until the path is no longer available.
- Persist on MPLS link if available, else on the originating link: The application traffic remains on the MPLS link. If the MPLS link is unavailable, then the traffic remains on the originating link.
- Persist on Internet link if available, else on the originating link: The application traffic remains on the internet link. If the internet link is unavailable, then the traffic remains on the originating link.
- Persist on Private Intranet link if available, else on the originating link: The application traffic remains on the private intranet link. If the private intranet link is unavailable, then the traffic remains on the originating link.
Persistence Impedance is the time (in ms) until which the application traffic remains on the link.
- Duplicate Paths: Application traffic is duplicated across multiple paths, increasing reliability.
Transfer Type: Choose one of the following transfer types:
- Realtime: Used for low latency, low bandwidth, time-sensitive traffic. Real-time applications are time-sensitive but don’t really need high bandwidth (for example voice over IP). Real-time applications are sensitive to latency and jitter but can tolerate some loss.
- Interactive: Used for interactive traffic with low to medium latency requirements and low to medium bandwidth requirements. The interaction is typically between a client and a server. The communication might not need high bandwidth but is sensitive to loss and latency.
- Bulk: Used for high bandwidth traffic and applications that can tolerate high latency. Applications that handle file transfer and need high bandwidth are categorized as a bulk class. These applications involve little human interference and are mostly handled by the systems themselves.
- Priority: Choose a priority for the selected transfer type.
- Transfer Type: Choose one of the following transfer types:
Internet Traffic Policy
- Select the Enable Internet Policy check box to configure internet traffic policy.
- Mode: The method of transmitting and receiving packets for flows that match the rule. You can choose Override Service or WAN link as needed.
- WAN link: The WAN link to be used by flows matching the rule when Internet Load Balancing is enabled.
- Override Service: The destination service for flows matching the rule.
Click Save to save the configuration settings. Click Verify Config to validate any audit error.
The Quality of Service (QoS) section helps to create the QoS profile by using the + QoS Profile option. The QoS profile provides improved service to certain traffic. The goal of QoS is to provide priority including traffic type (Real-time, Interactive, and Bulk classes) and dedicated bandwidth. The bandwidth breakups are available in % values. This also improved loss characteristics.
Click Verify Config to validate any audit error.