Cisco Catalyst SD-WAN Policies Configuration Guide, Releases 26.x and Later

Application-aware routing

Describes how application-aware routing optimizes traffic paths and performance on IOS XE Catalyst SD-WAN devices using SLA-based path selection.


Application-aware routing (AAR) is a network optimization feature that

  • tracks network and path characteristics of the data plane tunnels between Cisco IOS XE Catalyst SD-WAN devices

  • uses collected information such as packet loss, latency, and jitter to compute optimal paths for data traffic, and

  • considers factors in path selection beyond standard routing protocols, offering advantages such as optimized traffic flow and reduced network costs.

This image shows how SD-WAN builds multiple tunnels over Internet and MPLS and dynamically steers application traffic over the best-performing path.

Benefits of AAR

  • Direct application traffic over WAN links that meet the required SLA for packet loss, latency, and jitter during normal network operation.

  • Detect brownouts or soft failures in real time and automatically redirect traffic to the best available path to minimize performance degradation.

  • Re-adjust traffic paths automatically once network conditions recover.

  • Reduce network costs by load-balancing traffic more efficiently across available links.

  • Improve application performance without upgrading the WAN.

TLOCs support on Cisco IOS XE Catalyst SD-WAN devices

Each Cisco IOS XE Catalyst SD-WAN device supports up to eight TLOCs, allowing a single Cisco IOS XE Catalyst SD-WAN device to connect to up to eight different WAN networks. This capability allows path customization for application traffic that has different needs in terms of packet loss and latency.


Components of application-aware routing

The Cisco IOS XE Catalyst SD-WAN Application-Aware Routing solution consists of three elements: identification, monitoring and measuring, and mapping application traffic to a specific transport tunnel.

The application-aware routing solution includes the following elements:

  • Identification: You define the application of interest, and then you create a centralized data policy that maps the application to specific SLA requirements. You single out data traffic of interest by matching on the Layer 3 and Layer 4 headers in the packets, including source and destination prefixes and ports, protocol, and DSCP field. As with all centralized data policies, you configure them on a Cisco Catalyst SD-WAN Controller, which then passes them to the appropriate Cisco IOS XE Catalyst SD-WAN devices.

  • Monitoring and measuring: The Cisco IOS XE Catalyst SD-WAN software uses BFD packets to continuously monitor the data traffic on the data plane tunnels between devices, and periodically measures the performance characteristics of the tunnel. To gauge performance, the Cisco IOS XE Catalyst SD-WAN device looks for traffic loss on the tunnel, and it measures latency by looking at the one-way and round-trip times of traffic traveling over the tunnel. These measurements might indicate suboptimal data traffic conditions.

  • Mapping application traffic to a specific transport tunnel: The final step is to map an application’s data traffic to the data plane tunnel that provides the desired performance for the application. The mapping decision is based on two criteria: the best-path criteria computed from measurements performed on the WAN connections and on the constraints specified in a policy specific to application-aware routing.

To create a data policy based on the Layer 7 application itself, configure the Cisco Catalyst SD-WAN Application Intelligence Engine (SAIE) flow with a centralized data policy. With the SAIE flow, you can direct traffic to a specific tunnel based on the local TLOC, the remote TLOC, or both. You cannot direct traffic to tunnels based on SLA classes.

Note

In Cisco vManage Release 20.7.1 and earlier releases, the SAIE flow is called the deep packet inspection (DPI) flow.


Fundamentals of application-aware routing policy

Scope and purpose of application aware routing

Application-aware routing policy affects only traffic that is flowing from the service side (the local/LAN side) to the tunnel (WAN) side of the Cisco IOS XE Catalyst SD-WAN device.

It maps applications to the data plane tunnel performance characteristics required to transmit their traffic. The primary purpose of application-aware routing policy is to optimize the path for data traffic being transmitted by Cisco IOS XE Catalyst SD-WAN devices.

Policy type and deployment model

An application-aware routing policy is a type of centralized data policy. You configure it on the Cisco SD-WAN Controller, and the controller automatically pushes it to the affected Cisco IOS XE Catalyst SD-WAN devices.

Like any policy, an application-aware routing policy contains a series of numbered (ordered) match-action sequences that the system evaluates from the lowest sequence number to the highest. When a data packet matches a condition, the system applies an SLA action to determine the data plane tunnel used to transmit the packet.

Default behavior and policy nature

If a packet does not match any parameters in the policy sequences, and if no SLA class is configured for the default action, the packet is accepted and forwarded with no consideration of SLA. Because application-aware routing policy accepts nonmatching traffic by default, it is classified as a positive policy. Other types of policies in the Cisco IOS XE Catalyst SD-WAN software are negative policies, because they drop nonmatching traffic by default.

IPv6 support enhancement

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.9.1a and Cisco vManage Release 20.9.1, you can configure AAR and data policies to control IPv6 traffic based on match application or app-list criteria.

Prior to Cisco IOS XE Catalyst SD-WAN Release 17.9.1a, IPv6 traffic could not be matched on application name or application list, so it could not be steered based on the desired intent.


Default action of application-aware routing policy

This section describes how the default action in an application-aware routing policy determines packet handling when no match conditions are met.

The policy’s default action defines how it handles packets that match none of the match conditions. For application-aware routing policy, if you do not configure a default action, the policy accepts all data packets and transmits them based on normal routing decisions, without considering SLA.

To modify this behavior, include the default-action sla-class sla-class-name command in the policy, specifying the name of an SLA class you defined with the policy sla-class command.

When you apply an SLA class in a policy's default action, you cannot specify the strict option.

If no data plane tunnel satisfies the SLA class in the default action, the Cisco IOS XE Catalyst SD-WAN device selects one of the available tunnels by performing load-balancing across equal paths.
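The sequence evaluation, SLA check, preferred color, strict option and default-action fallback described above, as an added toy model (not Cisco code); the tunnel measurements, SLA thresholds and sequences are constructed for illustration.

```python
# Added toy model of application-aware routing path selection; not Cisco code.
# Tunnel measurements, SLA thresholds and sequences below are constructed.
from dataclasses import dataclass

@dataclass
class Tunnel:
    color: str
    loss: float      # percent packet loss measured on the BFD session
    latency: int     # milliseconds
    jitter: int      # milliseconds
    up: bool = True

@dataclass
class SlaClass:
    loss: float
    latency: int
    jitter: int

    def met_by(self, t):
        return (t.up and t.loss <= self.loss and t.latency <= self.latency
                and t.jitter <= self.jitter)

def select_paths(tunnels, sla, preferred=(), strict=False):
    """Colors traffic may be load-balanced over; [] means drop (strict only)."""
    ok = [t.color for t in tunnels if sla.met_by(t)]
    pref = [c for c in ok if c in preferred]
    if pref:
        return pref                                 # preferred color meets the SLA
    if ok:
        return ok                                   # ECMP across SLA-compliant paths
    if strict:
        return []                                   # strict: never violate the SLA
    return [t.color for t in tunnels if t.up]       # SLA unmet: load-balance all up paths

def route(packet, sequences, tunnels, default_sla=None):
    """Evaluate numbered sequences lowest-first; first match wins, else default action."""
    for _, match, action in sorted(sequences, key=lambda s: s[0]):
        if match(packet):
            return select_paths(tunnels, **action)
    if default_sla is None:
        return [t.color for t in tunnels if t.up]   # positive policy: forward without SLA
    return select_paths(tunnels, default_sla)       # strict is not allowed in default action

# Constructed sample data: three transports, two SLA classes, two sequences.
TUNNELS = [Tunnel("mpls", 0.2, 40, 5), Tunnel("biz-internet", 0.8, 80, 20),
           Tunnel("public-internet", 3.0, 200, 60)]
VOICE = SlaClass(loss=1.0, latency=100, jitter=30)
BULK = SlaClass(loss=5.0, latency=300, jitter=100)
SEQUENCES = [(20, lambda p: p["dscp"] == 10, {"sla": BULK}),
             (10, lambda p: p["dscp"] == 46, {"sla": VOICE, "preferred": ("mpls",), "strict": True})]
```

Running `route({"dscp": 46}, SEQUENCES, TUNNELS)` selects mpls; marking mpls down moves voice to biz-internet, and when no path meets the voice SLA the strict sequence drops the flow while the default action still load-balances across every up path.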

Expected behavior when data flow matches both AAR and data policies

  1. When data policy local TLOC action is configured, the App-route preferred-color and backup-preferred-color actions are ignored.

  2. The SLA-class and SLA-strict actions are retained from the application routing configuration.

  3. The data policy TLOC takes precedence.

When a local-TLOC-list action contains multiple TLOCs, the device chooses a local TLOC from the list that meets the SLA.

  • If no local TLOC in the list meets the SLA, the device uses equal-cost multi-path routing (ECMP) for the traffic over the local-TLOC-list.

  • If none of the local TLOCs in the list is up, the device chooses a TLOC that is up.

  • If none of the local TLOCs in the list is up and the data policy is configured in restrict mode, the device drops the traffic.
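The precedence rules and the local-TLOC-list fallback order above, as an added model (not Cisco code); the TLOC states and SLA results are constructed.

```python
# Added model of the data-policy local-TLOC-list decision order; not Cisco code.
# The data policy TLOC list takes precedence, so AAR preferred colors are ignored
# here; only the AAR SLA result (sla_met) is retained, as the documentation states.

def choose_local_tloc(tloc_list, status, sla_met, restrict=False):
    """tloc_list: colors named by the data policy; status: color -> up?;
    sla_met: colors that currently meet the AAR SLA class.
    Returns the usable colors, or None when the traffic must be dropped."""
    sla_ok = [c for c in tloc_list if status.get(c) and c in sla_met]
    if sla_ok:
        return sla_ok                                    # listed TLOC(s) meeting the SLA
    up_in_list = [c for c in tloc_list if status.get(c)]
    if up_in_list:
        return up_in_list                                # no SLA match: ECMP over the list
    if restrict:
        return None                                      # nothing up and restrict: drop
    return [c for c, up in status.items() if up]         # fall back to any TLOC that is up

# Constructed TLOC state: the lte TLOC is down.
STATUS = {"mpls": True, "biz-internet": True, "lte": False}
```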

Note

When a loopback interface with a public IP address is configured as a TLOC and bound to a NAT-enabled physical WAN interface, DIA forwarding works. However, strict color-based exit selection using centralized data policy local-tloc or local-tloc-list is not supported if the bound physical WAN interface is not itself configured as a TLOC.


Application-aware routing for multicast protocols

This reference describes application-aware routing support for multicast protocols, and multicast traffic classification on Cisco IOS XE Catalyst SD-WAN devices.

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.3.1a, application-aware routing supports overlay multicast traffic on Cisco IOS XE Catalyst SD-WAN devices. In older releases, an application-route policy is supported only for unicast traffic.

Multicast traffic classification

Cisco IOS XE Catalyst SD-WAN devices classify multicast traffic based on the group address and set the SLA class. The group address can be matched as a source IP, destination IP, source prefix, or destination prefix. In the forwarding plane, traffic for a group address must use only those TLOC paths that meet the SLA requirement. You can perform path selection for a group based on the preferred color, backup color, or the default action.


Restrictions for multicast protocols

Network-Based Application Recognition (NBAR) using the Cisco Catalyst SD-WAN Application Intelligence Engine (SAIE) flow is not supported for multicast.