Kaspersky SD-WAN

Quality of Service (QoS)

A Quality of Service (QoS) policy ensures data transfer in accordance with the requirements set for traffic classes. In Kaspersky SD-WAN, the following components contribute to the quality of service:

  • Traffic classes are used to queue and prioritize traffic. For example, one of the classes can be used for real-time traffic that requires minimizing packet loss.
  • Traffic classifiers determine whether or not to trust DSCP values (Differentiated Services Code Point) set in the traffic packet header fields; they also map DSCP values to traffic classifiers.
  • QoS rules determine whether the bandwidth of traffic processed by traffic classifiers is limited.
  • Constraints are used in transport services for SLA compliance. You can create two types of constraints:
    • Manual TE constraints are used to add Manual-TE paths to transport services. When configuring this type of constraints, you can enable the use of an Auto-SPF path if Manual-TE paths are not available.
    • Threshold constraints are used to build Auto-TE routes in transport services based on threshold values of monitoring indicators.

    If a link used in a transport service reaches the threshold values of the selected monitoring indicators, this link is completely or partially excluded from the Auto-TE path calculation. Partially excluded links can be taken into account when calculating the Auto-TE path if there are no alternative links satisfying the constraint.

    For example, you can create a constraint that completely excludes from the Auto-TE path calculation those links that have reached the packet loss threshold. Thus, in a transport service that uses this constraint, traffic only travels through links that have low packet loss.

  • Traffic classification rules are used to identify traffic with particular values of the L2 – L4 header fields, as well as traffic of specified applications, in the overall stream of traffic. For each traffic classification rule, you must specify a sequence number and select a default action, which allows or prohibits further routing of the traffic. Classification rules are added to traffic filters.
  • Traffic filters are used to ensure security by blocking excessive or dangerous traffic, to classify traffic, and to comply with SLA requirements for applications. Each filter consists of one or more traffic classification rules.

A maximum of 8 traffic queues can be used on the WAN and LAN interfaces. For each queue, you must specify the minimum and maximum bandwidth as a percentage of the total bandwidth set for the interface as a whole. The sum total of all minimum bandwidth values specified for queues may not exceed 100%.

The queues are strict priority and unreserved bandwidth is first offered to traffic from the higher-priority queue. Each queue is guaranteed certain minimum bandwidth in accordance with its specified minimum bandwidth value. An upper limit on the maximum bandwidth for higher-priority queues is necessary to allow traffic from lower-priority queues to still be transmitted.

You can configure queues when creating or editing WAN interfaces. Due to the fact that Kaspersky SD-WAN does not support creating LAN interfaces, queues can only be configured for LAN interfaces that already exist.

Service providers can use different QoS policies to mark queues in their networks and meet the requirements of service level agreements (SLA) for the passage of client traffic. Therefore, when CPE devices are connected to communication channels of different service providers, the CPE devices can flexibly relabel traffic of different queues for each WAN interface. To configure relabelling, you must change the value of the type of service (hereinafter also referred to as ToS) when configuring queues on the SD-WAN interface.

You can edit only the ToS values of the external (link) headers of traffic packets going out of the WAN interfaces. ToS values of internal traffic packet headers cannot be edited.

In this Help section

Traffic classes

Traffic classifiers

QoS rules

Constraints

Traffic classification rules

Traffic filters

Page top
[Topic 245177]

Traffic classes

This section describes how to configure traffic classes.

In this section

Default traffic classes

Creating or editing traffic classes

Page top
[Topic 261421]

Default traffic classes

Kaspersky SD-WAN has default traffic classes for processing and filtering different types of traffic (see the table below). You can create new traffic classes or modify existing ones. Default traffic classes are suitable for most deployment scenarios, and we do not recommend changing them.

Default traffic classes

Name

Internal tag

Queue

KOver

Exclude when computing path

Best effort

0

0

0

Yes

Business normal

1

1

1

No

Business critical

2

2

1

No

Video

3

3

1

No

Conference

4

4

1

No

Signaling

5

5

1

No

Real time

6

6

1

No

Network control

7

7

1

No

The default settings presented in the table are described in the instructions for creating and editing traffic classes.

Page top
[Topic 261393]

Creating or editing traffic classes

Expand all | Collapse all

Default traffic classes are suitable for most Kaspersky SD-WAN deployment scenarios, and we do not recommend changing them.

You can create or modify 4 to 8 traffic classes in an SD-WAN instance template, or edit traffic classes in an already deployed SD-WAN instance. If you create traffic classes in an SD-WAN instance template and use that template to deploy an individual instance, the same traffic classes are automatically created in the deployed instance.

To create and edit traffic classes, use the following instructions:

  • Creating traffic classes in an SD-WAN instance template.

    In one of the traffic classes you create, you must put control traffic that is used to manage the SD-WAN infrastructure and configure its components, including setting up and managing links, exchanging routing information between devices, and monitoring the status and performance of the network. We recommend to assign control traffic to the highest priority to ensure efficient and reliable functioning of the network.

    To create traffic classes in an SD-WAN instance template:

    1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

      A table of SD-WAN instance templates is displayed.

    2. Click the SD-WAN Instance template.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Traffic classes tab.

      A table of traffic classes is displayed.

    4. Click Edit.
    5. This opens a window; in that window, click + Traffic class to add a traffic class.
    6. In the Name column, enter a name for the traffic class.
    7. In the Queue column, select the number of the queue into which you want to place traffic of the selected class. The higher the value, the higher the priority of the traffic class. You cannot specify the same priority for multiple traffic classes.
    8. In the KOver column, select the overcommitment ratio of the traffic bandwidth, which sets the multiplier by which the bandwidth dedicated to the class can be increased if the total bandwidth is not fully utilized.
    9. If you need to ignore the bandwidth available to the traffic class when calculating the route, select the Exclude when computing path check box. When this check box is selected, you cannot select the KOver ratio for the traffic class. By default, the check box is selected for the last traffic class in the table (Best effort).
    10. In the Default traffic class drop-down list, select the class in which you want to place all traffic that is not included in other classes. By default, the last traffic class in the table is selected (Best effort).
    11. In the Control traffic class drop-down list, select the class in which you want to place control traffic. By default, the first traffic class in the table is selected (Network control).
    12. In the Maximum reserved bandwidth (%) drop-down list, select the percentage of the maximum traffic transfer rate that can be available for one of the created traffic classes. Range of values: 10 to 90. The default setting is 90.
    13. Click Ok.
    14. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
  • Editing traffic classes in an SD-WAN instance template.

    To edit a traffic class in an SD-WAN instance template:

    1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

      A table of SD-WAN instance templates is displayed.

    2. Click the SD-WAN Instance template.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Traffic classes tab.

      A table of traffic classes is displayed.

    4. Click Edit.
    5. This opens a window; in that window, edit the settings that you want to change. For a description of the settings, refer to the instructions for creating traffic classes in an SD-WAN instance template.
    6. Click Ok.
    7. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
  • Editing traffic classes in an already deployed SD-WAN instance.

    To edit traffic classes in an already deployed SD-WAN instance:

    1. In the menu, go to the Infrastructure section.

      The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

    2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

      This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

    3. Go to the QoS section.

      The Traffic classes tab, which is selected by default, displays the table of traffic classes.

    4. Click Edit.
    5. This opens a window; in that window, in the Name column, enter a name for the traffic class.
    6. In the Queue column, select the number of the queue into which you want to place traffic of the selected class. The higher the value, the higher the priority of the traffic class. You cannot specify the same priority for multiple traffic classes.
    7. In the KOver column, select the overcommitment ratio of the traffic bandwidth, which sets the multiplier by which the bandwidth dedicated to the class can be increased if the total bandwidth is not fully utilized.
    8. If you need to ignore the bandwidth available to the traffic class when calculating the route, select the Exclude when computing path check box. When this check box is selected, you cannot select the KOver ratio for the traffic class. By default, the check box is selected for the last traffic class in the table (Best effort).
    9. In the Maximum reserved bandwidth (%) drop-down list, select the percentage of the maximum traffic transfer rate that can be available for one of the created traffic classes. Range of values: 10 to 90. The default setting is 90.
    10. Click Ok.
Page top
[Topic 242588]

Traffic classifiers

This section describes how to configure traffic classes.

In this section

Creating a traffic classifier

Editing a traffic classifier

Deleting a traffic classifier

Page top
[Topic 261422]

Creating a traffic classifier

Expand all | Collapse all

You can create a traffic classifier in an already deployed SD-WAN instance or in an SD-WAN instance template. If you create a traffic classifier in an SD-WAN instance template and use that template to deploy an individual instance, the same traffic classifier is automatically created in the deployed instance.

To create a traffic classifier, use the following instructions:

  • Creating a traffic classifier in an already deployed SD-WAN instance.

    To create a traffic classifier in an already deployed SD-WAN instance:

    1. In the menu, go to the Infrastructure section.

      The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

    2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

      This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

    3. Go to the QoS section.

      The Traffic classes tab, which is selected by default, displays the table of traffic classes.

    4. Select the Traffic classifiers tab.

      A table of traffic classes is displayed.

    5. Click + Classifier.
    6. This opens a window; in that window, in the Name field, enter the name of the traffic classifier.
    7. In the Type list, select one of the following values:
      • Trust is a classifier that trusts the DSCP values set in the header fields of traffic packets. This is the default setting.
      • Untrust is a classifier that does not trust the DSCP values set in the traffic packet header fields.
    8. If you selected Trust in the Type list, map the classes to DSCP values in the traffic packet headers:
      1. In the Traffic class column, select the class into which you want to place the traffic.
      2. In the External tag column, click Select next to the package header that must contain the necessary DSCP value.
      3. Select the check boxes next to the displayed DSCP values that must be present in the packet header for the traffic to be placed in the selected class.
      4. Click Ok.
    9. If in the Type lust you selected Untrust, select the class in which you want to place all traffic in the Traffic class class drop-down list.
    10. Click Create.

    The traffic classifier is created and displayed in the table.

  • Creating a traffic classifier in an SD-WAN instance template.

    To create a traffic classifier in an SD-WAN instance template:

    1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

      A table of SD-WAN instance templates is displayed.

    2. Click the SD-WAN Instance template.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Traffic classifiers tab.

      A table of traffic classes is displayed.

    4. Click + Classifier.
    5. This opens a window; in that window, in the Name field, enter the name of the traffic classifier.
    6. In the Type list, select one of the following values:
      • Trust is a classifier that trusts the DSCP values set in the header fields of traffic packets. This is the default setting.
      • Untrust is a classifier that does not trust the DSCP values set in the traffic packet header fields.
    7. If you selected Trust in the Type list, map the classes to DSCP values in the traffic packet headers:
      1. In the Traffic class column, select the class into which you want to place the traffic.
      2. In the External tag column, click Select next to the package header that must contain the necessary DSCP value.
      3. Select the check boxes next to the displayed DSCP values that must be present in the packet header for the traffic to be placed in the selected class.
      4. Click Ok.
    8. If in the Type lust you selected Untrust, select the class in which you want to place all traffic in the Traffic class class drop-down list.
    9. Click Create.

      The traffic classifier is created and displayed in the table.

    10. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
Page top
[Topic 242620]

Editing a traffic classifier

You can edit a traffic classifier in an already deployed SD-WAN instance or in an SD-WAN instance template. For a description of the settings, see the instructions for creating a traffic classifier.

To edit a traffic classifier in an already deployed SD-WAN instance:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the QoS section.

    The Traffic classes tab, which is selected by default, displays the table of traffic classes.

  4. Select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  5. Click Management next to the traffic classifier and in the drop-down list, select Edit.
  6. This opens a window; in that window, edit the settings that you want to change.
  7. Click Save.

To edit a traffic classifier in an SD-WAN instance template:

  1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

    A table of SD-WAN instance templates is displayed.

  2. Click the SD-WAN Instance template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  4. Click Management next to the traffic classifier and in the drop-down list, select Edit.
  5. This opens a window; in that window, edit the settings that you want to change.
  6. Click Save.
  7. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
Page top
[Topic 256606]

Deleting a traffic classifier

You can delete a traffic classifier in an already deployed SD-WAN instance or in an SD-WAN instance template. Deleted traffic classifiers cannot be restored.

To delete a traffic classifier in an already deployed SD-WAN instance:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the QoS section.

    The Traffic classes tab, which is selected by default, displays the table of traffic classes.

  4. Select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  5. Click Management next to the traffic classifier and in the drop-down list, select Delete.
  6. In the confirmation window, click Delete.

The traffic classifier is deleted and is no longer displayed in the table.

To delete a traffic classifier in an SD-WAN instance template:

  1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

    A table of SD-WAN instance templates is displayed.

  2. Click the SD-WAN Instance template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Traffic classifiers tab.

    A table of traffic classes is displayed.

  4. Click Management next to the traffic classifier and in the drop-down list, select Delete.

    The traffic classifier is deleted and is no longer displayed in the table.

  5. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
Page top
[Topic 245578]

QoS rules

This section describes how to configure QoS rules.

In this section

Creating a QoS rule

Editing a QoS rule

Deleting a QoS rule

Page top
[Topic 261424]

Creating a QoS rule

Expand all | Collapse all

You can create a QoS rule in an already deployed SD-WAN instance or in an SD-WAN instance template. If you create a QoS rule in an SD-WAN instance template and use that template to deploy an individual instance, the same QoS rule is automatically created in the deployed instance.

Before creating a QoS rule, you must create a traffic classifier.

To create a QoS rule, use the following instructions:

  • Creating a QoS rule in an already deployed SD-WAN instance.

    To create a QoS rule in an already deployed SD-WAN instance:

    1. In the menu, go to the Infrastructure section.

      The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

    2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

      This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

    3. Go to the QoS section.

      The Traffic classes tab, which is selected by default, displays the table of traffic classes.

    4. Select the QoS rules tab.

      A table of QoS rules is displayed.

    5. Click + QoS rule.
    6. This opens a window; in that window, in the Name field, enter the name of the QoS rule.
    7. In the Classifier drop-down list, select the previously created traffic classifier that you want to use in the QoS rule.
    8. Configure traffic bandwidth limiting:
      • If you do not want to limit the bandwidth of traffic processed by the previously selected classifier, select the Unlimited check box.
      • If you want to limit the bandwidth of traffic processed by the previously selected classifier, clear the Unlimited check box.

      This check box is selected by default.

      QoS rules that do not limit traffic bandwidth provide users with the highest network performance, especially when dealing with applications and services with high bandwidth requirements. However, if your network is not resource-rich, bandwidth limiting may help avoid issues with congestion, performance, and traffic filtering for applications that have different priorities.

    9. If you cleared the Unlimited check box, configure the traffic bandwidth limiting settings:
      1. In the MBR field, enter the maximum bit rate. The default setting is 1.
      2. In the Speed type drop-down list, select the units of measurement for the maximum bit rate:
        • Kbit/s (selected by default)
        • Mbit/s
        • Gbit/s
      3. If you have selected a classifier of the Trust type in the Classifier drop-down list, in the Classifier drop-down list, in the Maximum reserved bandwidth (%) column, specify the percentage of the total bit rate available to each class. The sum total of the values specified for each class must equal 100%.
    10. Click Create.

    The QoS rule is created and displayed in the table.

  • Creating a QoS rule in an SD-WAN instance template.

    To create a QoS rule in an SD-WAN instance template:

    1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

      A table of SD-WAN instance templates is displayed.

    2. Click the SD-WAN Instance template.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the QoS rules tab.

      A table of QoS rules is displayed.

    4. Click + QoS rule.
    5. This opens a window; in that window, in the Name field, enter the name of the QoS rule.
    6. In the Classifier drop-down list, select the previously created traffic classifier that you want to use in the QoS rule.
    7. Configure traffic bandwidth limiting:
      • If you do not want to limit the bandwidth of traffic processed by the previously selected classifier, select the Unlimited check box.
      • If you want to limit the bandwidth of traffic processed by the previously selected classifier, clear the Unlimited check box.

      This check box is selected by default.

      QoS rules that do not limit traffic bandwidth provide users with the highest network performance, especially when dealing with applications and services with high bandwidth requirements. However, if your network is not resource-rich, bandwidth limiting may help avoid issues with congestion, performance, and traffic filtering for applications that have different priorities.

    8. If you cleared the Unlimited check box, configure the traffic bandwidth limiting settings:
      1. In the MBR field, enter the maximum bit rate. The default setting is 1.
      2. In the Speed type drop-down list, select the units of measurement for the maximum bit rate:
        • Kbit/s (selected by default)
        • Mbit/s
        • Gbit/s
      3. If you have selected a classifier of the Trust type in the Classifier drop-down list, in the Classifier drop-down list, in the Maximum reserved bandwidth (%) column, specify the percentage of the total bit rate available to each class. The sum total of the values specified for each class must equal 100%.
    9. Click Create.

      The QoS rule is created and displayed in the table.

    10. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
Page top
[Topic 242639]

Editing a QoS rule

You can edit a QoS rule in an already deployed SD-WAN instance or in an SD-WAN instance template. For a description of the settings, see the instructions for creating a QoS rule.

To edit a QoS rule in an already deployed SD-WAN instance:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the QoS section.

    The Traffic classes tab, which is selected by default, displays the table of traffic classes.

  4. Select the QoS rules tab.

    A table of QoS rules is displayed.

  5. Click Management next to the QoS rule and in the drop-down list, select Edit.
  6. This opens a window; in that window, edit the settings that you want to change.
  7. Click Save.

To edit a QoS rule in an SD-WAN instance template:

  1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

    A table of SD-WAN instance templates is displayed.

  2. Click the SD-WAN Instance template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the QoS rules tab.

    A table of QoS rules is displayed.

  4. Click Management next to the QoS rule and in the drop-down list, select Edit.
  5. This opens a window; in that window, edit the settings that you want to change.
  6. Click Save.
  7. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
Page top
[Topic 256612]

Deleting a QoS rule

You can delete a QoS rule in an already deployed SD-WAN instance or in an SD-WAN instance template. Deleted QoS rules cannot be restored.

To delete a QoS rule in an already deployed SD-WAN instance:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the QoS section.

    The Traffic classes tab, which is selected by default, displays the table of traffic classes.

  4. Select the QoS rules tab.

    A table of QoS rules is displayed.

  5. Click Management next to the QoS rule and in the drop-down list, select Delete.
  6. In the confirmation window, click Delete.

The QoS rule is deleted and is no longer displayed in the table.

To delete a QoS rule in an SD-WAN instance template:

  1. In the menu, go to the SD-WAN → SD-WAN instance templates subsection.

    A table of SD-WAN instance templates is displayed.

  2. Click the SD-WAN Instance template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the QoS rules tab.

    A table of QoS rules is displayed.

  4. Click Management next to the QoS rule and in the drop-down list, select Delete.

    The QoS rule is deleted and is no longer displayed in the table.

  5. In the upper part of the settings area, click Save to save the configuration of the SD-WAN instance template.
Page top
[Topic 256613][Topic 261426]

Creating a Manual-TE constraint

Before creating a Manual-TE constraint, you must create Manual-TE paths.

To create a Manual-TE constraint:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Constraints section.

    A table of Manual-TE constraints is displayed.

  4. In the upper part of the page, click + Manual-TE constraint.
  5. This opens a window; in that window, in the Name field, enter the name of the Manual-TE constraint.
  6. Select the Use Manual-TE path check box next to the Manual-TE paths that you want to add to the constraint. By default, the check boxes are cleared and no paths are added to the constraint.
  7. To allow an Auto-SPF path to be used when no Manual-TE paths are available, select the Ignore if no constrained path is found check box next to the relevant Manual-TE paths. The check box can be selected only for paths that have the Use Manual-TE path check box selected. By default, the check boxes are cleared and Auto-SPF cannot be used as an alternative for all paths.
  8. Click Create.

The Manual-TE constraint is created and displayed in the table.

Now you can specify the Manual-TE constraint in transport service settings to add Manual-TE paths contained in the constraint to the transport service.

Page top
[Topic 246463]

Editing a Manual-TE constraint

To edit a Manual-TE constraint:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Constraints section.

    A table of Manual-TE constraints is displayed.

  4. Click Management next to the Manual-TE constraint and in the drop-down list, select Edit.
  5. This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating a Manual-TE constraint.
  6. Click Save.
Page top
[Topic 256618]

Deleting a Manual-TE constraint

Deleted Manual-TE constraints cannot be restored.

To delete a Manual-TE constraint:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Constraints section.

    A table of Manual-TE constraints is displayed.

  4. Click Management next to the Manual-TE constraint and in the drop-down list, select Delete.
  5. In the confirmation window, click Delete.

The Manual-TE constraint is deleted and is no longer displayed in the table.

Page top
[Topic 256619]

Creating a threshold constraint

Before creating a threshold constraint, you must enable monitoring on links.

To create a threshold constraint:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Constraints section.

    A table of Manual-TE constraints is displayed.

  4. Select the Thresholds tab.

    A table of threshold constraints is displayed.

  5. In the upper part of the page, click + Threshold constraint.
  6. This opens a window; in that window, in the Name field, enter the name of the threshold constraint.
  7. Select the Do not use tunnels with threshold reached check box next to monitoring indicators to have the threshold constraint exclude links that have reached the threshold value of these indicators from the Auto-TE path calculation. By default, the Do not use tunnels with threshold reached check box is cleared and no monitoring indicators are used to exclude links.
  8. If necessary, select the Ignore if no constrained path is found check box next to the monitoring indicators to let the constraint include links that have reached threshold values of these indicators in the Auto-TE path calculation when alternative links do not exist. The check box can be selected only for links that have the Do not use tunnels with threshold reached check box selected.

    By default, the Ignore if no constrained path is found check box is cleared and the constraint excludes all links that have reached the threshold values of the selected monitoring indicators from the Auto-TE path calculation.

  9. Click Create.

The constraint is created and displayed in the table.

You can specify the constraint in transport service settings to use it for automatic calculation of the path.

Page top
[Topic 246441]

Editing a threshold constraint

To edit a threshold constraint:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Constraints section.

    A table of Manual-TE constraints is displayed.

  4. Select the Thresholds tab.

    A table of threshold constraints is displayed.

  5. Click Management next to the threshold constraint and in the drop-down list, select Edit.
  6. This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating a threshold constraint.
  7. Click Save.
Page top
[Topic 256621]

Deleting a threshold constraint

Deleted threshold constraints cannot be restored.

To delete a threshold constraint:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Constraints section.

    A table of Manual-TE constraints is displayed.

  4. Select the Thresholds tab.

    A table of threshold constraints is displayed.

  5. Click Management next to the threshold constraint and in the drop-down list, select Delete.
  6. In the confirmation window, click Delete.

The threshold constraint is deleted and is no longer displayed in the table.

Page top
[Topic 256622]

Traffic classification rules

This section describes how to configure traffic classification rules.

In this section

Creating a traffic classification rule

Editing a traffic classification rule

Deleting a traffic classification rule

Page top
[Topic 261427]

Creating a traffic classification rule

To create a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. Select the Rules tab.

    A table of traffic classification rules is displayed.

  5. In the upper part of the page, click + Qualification rule.
  6. This opens a window; in that window, in the Name field, enter the name of the traffic classification rule.
  7. On the L2 fields tab, select the check boxes next to the L2 fields whose values the rule must use to identify traffic in the overall data stream. If the check box is selected, enter or select the required value. You can use the values of the following fields to identify traffic:
    • Outer VLAN ID – range of values: 1 to 2,094.
    • Outer VLAN PCP — range of values: 0 to 7.
    • Source MAC.
    • Source MAC mask.
    • Destination MAC.
    • Destination MAC mask.
    • Ethertype — possible values:
      • 0x0800 (selected by default)
      • 0x86dd
      • 0x0806
  8. On the L3 fields tab, select the check boxes next to the L3 fields whose values the rule must use to identify traffic in the overall data stream. If the check box is selected, enter or select the required value. You can use the values of the following fields to identify traffic:
    • Protocol — Possible values:
      • IPv4
      • IPv6
    • Source IP — IPv4 address or IPv6 address depending on the selected protocol
    • Source IP prefix length — Range of values for the IPv4 address: from 0 to 32; for IPv6 address: from 0 to 128
    • Destination IP — IPv4 address or IPv6 address depending on the selected protocol
    • Destination IP prefix length — Range of values for the IPv4 address: from 0 to 32; for IPv6 address: from 0 to 128
    • DSCP
    • TOS
  9. On the L4 fields tab, select the check boxes next to the L4 fields whose values the rule must use to identify traffic in the overall data stream. If the check box is selected, enter or select the required value. You can use the values of the following fields to identify traffic:
    • IP protocol
    • Source port list
    • Destination port list
    • ICMP type number
  10. On the DPI tab, select the application whose traffic the rule must identify in the overall data stream:
    1. Select the Application check box.
    2. In the drop-down list, select the application.

    DPI (Deep Packet Inspection) classification is not supported for traffic generated by CPE devices.

  11. Click Create.

The traffic classification rule is created and displayed in the table.

You can use a traffic classification rule when creating a traffic filter.

Example of a created traffic classification rule:

You can create a traffic classification rule with the following parameters:

  • On the L2 fields tab, in the Outer VLAN ID field, enter 1.
  • On the L2 fields tab, in the Outer VLAN PCP field, enter 3.
  • On the L3 fields tab, in the Protocol drop-down list, select IPv4.
  • On the L3 fields tab, in the Source IP field, enter the 192.168.2.0/24 address.

    In this case, the rule identifies traffic with the following properties in the overall data stream:

  • Outer VLAN tag — 1
  • Outer PCP tag — 3
  • Protocol — IPv4
  • Source IP address — 192.168.2.0/24

    Traffic that is missing at least one of these properties is not identified.

See also

Scenario: Directing application traffic to a transport service

Page top
[Topic 246479]

Editing a traffic classification rule

To edit a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. Select the Rules tab.

    A table of traffic classification rules is displayed.

  5. Click Management next to the traffic classification rule and in the drop-down list, select Edit.
  6. This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating a traffic classification rule.
  7. Click Save.
Page top
[Topic 256625]

Deleting a traffic classification rule

Deleted traffic classification rules cannot be restored.

To delete a traffic classification rule:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. Select the Rules tab.

    A table of traffic classification rules is displayed.

  5. Click Management next to the traffic classification rule and in the drop-down list, select Delete.
  6. In the confirmation window, click Delete.

The traffic classification rule is deleted and is no longer displayed in the table.

Page top
[Topic 256627]

Traffic filters

This section describes how to configure traffic filters.

In this section

Creating a traffic filter

Editing a traffic filter

Deleting a traffic filter

Page top
[Topic 261429]

Creating a traffic filter

Before creating a traffic filter, you must create at least one traffic classification rule.

To create a traffic filter:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. In the upper part of the page, click + Traffic fliter.
  5. This opens a window; in that window, in the Name field, enter the name of the traffic filter.
  6. In the Sequence field, enter the sequential number of the traffic classification rule. The rule with the lowest number is processed first. Range of values: 1 to 998. You cannot specify the same sequence number for multiple rules. The default setting is 10.
  7. In the Qualification rule drop-down list, select a previously created traffic classification rule that you want to add to the filter.
  8. In the Action drop-down list, select the action that the traffic classification rule must apply to the traffic identified in the overall data stream:
    • Permit — Allow further routing of the traffic. This is the default setting.
    • Deny — Block further routing of the traffic.
  9. Click Add to add a previously created traffic classification rule to the filter. You can add multiple rules.
  10. In the Default action (if sequence=999) drop-down list, select the action that you want to apply to all other traffic:
    • Permit — Allow further routing of the traffic. This is the default setting.
    • Deny — Block further routing of the traffic.
  11. Click Create.

The traffic filter is created and displayed in the table.

You can use a traffic filter when creating transport services.

See also

Scenario: Directing application traffic to a transport service

Page top
[Topic 246488]

Editing a traffic filter

To edit a traffic filter:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. Click Management next to the traffic filter and in the drop-down list, select Edit.
  5. This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating a traffic filter.
  6. Click Save.
Page top
[Topic 256629]

Deleting a traffic filter

Deleted traffic filters cannot be restored.

To delete a traffic filter:

  1. In the menu, go to the Infrastructure section.

    The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.

  2. Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.

    This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.

  3. Go to the Traffic filters section.

    A table of traffic filters is displayed.

  4. Click Management next to the traffic filter and in the drop-down list, select Delete.
  5. In the confirmation window, click Delete.

The traffic filter is deleted and is no longer displayed in the table.

Page top
[Topic 256630]