What happen for link steering “Preferred”, “Available” and “Mandatory” options?
At this point, we understand the SD-WAN Edge selects the Internet WAN link with the highest remaining downstream bandwidth for new flow that needs local Internet breakout, with link steering Auto. In Test 4.1 to Test 4.3, the objective is to see how different link steering setting will behave. During Test 4.1-4.3, there will be no extra latency/jitter/packet loss introduced to GE3 (98.1.2.19) and GE4 (184.1.2.27). The configured bandwidth of GE3 (98.1.2.19) is 5Mbps/5Mbps, the configured bandwidth of GE4 (184.1.2.27) is 10Mbps/10Mbps. The following figure summarize these two Internet WAN links status:
The following is the overview monitoring page of Edge-1 showing the WAN link status:
Test 4.1 – GE3 (98.1.2.19, 5Mbps) and GE4 (184.1.2.27, 10Mbps) are both GREEN, link steering prefers GE3 (98.1.2.19, 5Mbps)
Since both WAN links are GREEN, without any traffic, GE4 (184.1.2.27) will be selected as it has a higher bandwidth than GE3 (98.1.2.19). As a result, business policies of prefer GE3 (98.1.2.19) are configured as follow to test if the business policies are effective or not:
Test 4.1 starts with iperf3 from Client100 (192.168.200.100) starting an iperf3 to wordpress05 (43.254.254.14) to generate downstream traffic. The iperf3 command is “/usr/local/bin/iperf3 -c 43.254.254.14 -R -t 600”:
The following is the screen capture of the output from the iperf3 server side:
The iperf3 server shows the connections is from 98.1.2.19:20002, that is GE3 (98.1.2.19). This means the business policy “Prefer-GE3-Other” is taking effect to make the Edge-1 selects GE3 (98.1.2.19) without considering the remaining downstream bandwidth. Let’s check the transport live monitoring page:
The transport live monitoring confirms the iperf3 is running on GE3 (98.1.2.19) and make the GE3 (98.1.2.19) fully utilized in the downstream direction. While the iperf3 is running, in Client100 (192.168.200.100), open a web browser to access the web service at wordpress05 (43.254.254.14). The following is the web service access log:
From the wordpress05 web access log, the request is coming from IP address 98.1.2.19, this means when GE3 (98.1.2.19) fully utilized in the downstream direction, Edge-1 still selects GE3 (98.1.2.19) for new flow matching business policy Prefer-GE3-Other to honor the Preferred link steering setting.
The following the output of List Active Flows to wordpress05 (43.254.254.14) from Edge-1 for reference:
The list active flows output confirms both web access and iperf3 traffic match the Prefer-GE3-Other business policy, and the Link Policy is Preferred.
With the tests down so far, link steering “Preferred” will make the SD-WAN Edge selects the preferred WAN link for new local Internet breakout flow, without considering the remaining downstream bandwidth.
Since the link steering is “Preferred”, the WAN link color (GREEN/YELLOW/RED) should still be honored for link selection. Let’s perform a test such that packet loss is introduced to GE3 (98.1.2.19) such that the GE3 (98.1.2.19) will be RED for video/voice, YELLOW for transactional. The following is the “debug.py –dec” to verify the WAN link’s color:
With the GE3 (98.1.2.19) is RED for video/voice, YELLOW for transactional. At the Client100 (192.168.200.100), open a web browser to access the web service at wordpress05 (43.254.254.14). The following is the wordpress05 access log:
From the wordpress05 (43.254.254.14) web access log, the request is from 184.1.2.27, that is Edge-1 selected GE4 (184.1.2.27) for the web request flow when GE3 (98.1.2.19) having packet loss such that it is RED for video/voice, YELLOW for transactional.
Packet loss is removed after this test to let both WAN links having 0% packet loss.
NOTE: The primary objective of Test 4.1 is to check if the link steering “Preferred” will prefer the preferred WAN link even if the preferred WAN link remaining downstream bandwidth is not the highest (that is SD-WAN Edge does not consider remaining downstream bandwidth). However, reader might wonder in local Internet breakout with link steering Preferred, does the SD-WAN Edge consider the WAN link quality SLA? Thus, here provided an example of introducing packet loss to demonstrate, if the preferred WAN link cannot meet the SLA (which is packet loss in this example), SD-WAN Edge does select other available GREEN link for local Internet breakout. However, Test 4.1 is not intended to study in detail every scenario about “WAN link quality SLA is not met”. (If time allow, I will create another post on this topic.)
Test 4.2 – GE3 (98.1.2.19, 5Mbps) and GE4 (184.1.2.27, 10Mbps) are both GREEN, link steering available for GE3 (98.1.2.19, 5Mbps)
With link steering setting as “Available” for a particular WAN link, the expectation is that “Available” WAN link is always used unless that WAN link goes down. In Test 4.2, the business policy is adjusted to have link steering “Available” for WAN link GE3 (98.1.2.19, 5Mbps). Refer to the following screen capture for the business policy configuration in Test 4.2:
In Test 4.2, there is business policy “Available-GE3-UDP” which will catch UDP traffic going to Internet, with link steering setting as Available GE3 (98.1.2.19). Business policy “Available-GE3-Other” will catch any Non-UDP traffic going to Internet, with link steering setting as Available GE3 (98.1.2.19).
Test 4.2 starts with Client100 (192.168.200.100) start an iperf3 to wordpress05 (43.254.254.14), this iperf3 is responsible to generate downstream traffic. The command of the iperf3 is “/usr/local/bin/iperf3 -c 43.254.254.14 -R -t 600”:
Let’s check the wordpress05 (43.254.254.14) iperf3 server status:
From the iperf3 server output, the connection is from 98.1.2.19:20004, that means Edge-1 selected GE3 (98.1.2.19) for the iperf3 flow from Client100 (192.168.200.100). This match the expectation as the link steering setting is now “Available” GE3 (98.1.2.19), all new flows should be using GE3 (98.1.2.19) unless GE3 (98.1.2.19) is down.
Let’s check the transport live monitoring page:
From the live monitoring, GE3 (98.1.2.19) downstream is fully utilized by the iperf3 traffic. With the iperf3 still running, at Client100 (192.168.200.100), open a web browser to access the web service at wordpress05 (43.254.254.14). The following is the web access log at wordpress05:
From the web access log, the request is coming from IP address 98.1.2.19, that is Edge-1 selected GE3 (98.1.2.19) for the web request flow. Since the GE3 (98.1.2.19) downstream bandwidth is consumed by the iperf3, this confirmed the link steering “Available” configuration will make the SD-WAN Edge always use the “Available” GE3 (98.1.2.19) link, no matter the GE3 (98.1.2.19) downstream bandwidth is consumed or not. The following is the list active flows output to confirm the flow is hitting the expected business policy, which is “Available-GE3-Other”. Also the Link Policy is Available:
The last test in Test 4.2 is to disconnect GE3 (98.1.2.19). When GE3 (98.1.2.19) is disconnected, that is GE3 (98.1.2.19) is down, the expectation is any new flow should switch over to use other available WAN link, in this case is GE4 (184.1.2.27). Let’s disconnect GE3 (98.1.2.19), the following is the Edge-1 overview page after disconnected GE3:
The GE3 (98.1.2.19) link status is red. At this condition, open a web browser at Client100 (192.168.200.100) and access web service at wordpress05 (43.254.254.14). Client100 (192.168.200.100) is able to access the web service and the following is the web access log from wordpress05:
From wordpress05 web access log, the request is coming from IP address 184.1.2.27. This means Edge-1 selected GE4 (184.1.2.27) for new flow when GE3 (98.1.2.19) is link. This matches the expectation because link steering “Available” meaning using the configured “Available” link unless that particular link is down. Now, since the configured “Available” link GE3 is down, Edge-1 will pick other WAN links (GE4 in this example) available for new flow.
*GE3 (98.1.2.19) is re-connected after this test, so in the upcoming Test 4.3, GE3 (98.1.2.19) is started with connected status.
Test 4.3 – GE3 (98.1.2.19, 5Mbps) and GE4 (184.1.2.27, 10Mbps) are both GREEN, link steering mandatory for GE3 (98.1.2.19, 5Mbps)
With link steering setting as “Mandatory” for a particular WAN link, the expectation is that “Mandatory” WAN link is always used. In Test 4.3, the business policy is adjusted to have link steering “Mandatory” for WAN link GE3 (98.1.2.19, 5Mbps). Refer to the following screen capture for the business policy configuration in Test 4.3:
In Test 4.3, there is business policy “Mandatory-GE3-UDP” which will catch UDP traffic going to Internet, with link steering setting as Mandatory GE3 (98.1.2.19). Business policy “Mandatory-GE3-Other” will catch any Non-UDP traffic going to Internet, with link steering setting as Mandatory GE3 (98.1.2.19).
Test 4.3 starts with Client100 (192.168.200.100) start an iperf3 to wordpress05 (43.254.254.14), this iperf3 is responsible to generate downstream traffic. The command of the iperf3 is “/usr/local/bin/iperf3 -c 43.254.254.14 -R -t 600”:
The following screen capture shows the iperf3 server side at wordpress05 (43.254.254.14):
From the iperf3 server output, the connection is from 98.1.2.19:20002. This means Edge-1 selected GE3 (98.1.2.19) for this iperf3 flow. This is matching the expectation because with mandatory GE3 (98.1.2.19) business policy will let every traffic flow using GE3 (98.1.2.19). The following is the transport live monitoring page for inspecting the WAN links average throughput:
The live monitoring shows the downstream bandwidth of GE3 (98.1.2.19) is being fully utilized by the iperf3 traffic. While the iperf3 is running, in Client100 (192.168.200.100), open a browser to access the web service at wordpress05 (43.254.254.14). The following is the web access log from wordpress05:
The wordpress05 (43.254.254.14) web access log shows the request is from IP address 98.1.2.19. This means Edge-1 selected GE3 (98.1.2.19) for the web access flows. This match the expectation as the business policy is configured to be mandatory using GE3 (98.1.2.19). The following is the output of live active flows:
The output of list active flows confirmed the iperf3 and web access flow is matching business policy “Mandatory-GE3-Other” with the effective Link Policy Mandatory.
With a link steering Mandatory at GE3 (98.1.2.19), in the situation of GE3 (98.1.2.19) went down, the Internet access traffic is expected to be dropped. There should be no failover to other WAN links for link steering Mandatory. What link steering Mandatory means is the SD-WAN Edge must use that mandatory WAN link, if that particular WAN link is down, the traffic will be dropped. Let’s disconnect GE3 (98.1.2.19):
With GE3 (98.1.2.19) disconnected, the overview page above shows the link status is red for GE3. Edge-1 now only having GE4 (184.1.2.27) is up. At this condition, open a browser in Client100 (192.168.200.100) and access the web service at wordpress05 (43.254.254.14). The following is the screen capture of the browser output of Client100 (192.168.200.100):
The browser ends up with “The connection has timed out”, that means Client100 (192.168.200.100) is not able to access web service at wordpress05 (43.254.254.14). This confirmed when the configured mandatory WAN link is down (that is GE3 is down in this case), the traffic matching the business policy is dropped.
*GE3 (98.1.2.19) is re-connected after this test, so in the upcoming Test 4.3, GE3 (98.1.2.19) is started with connected status.
Conclusion of Test 4.1 to Test 4.3
The following are the conclusion of Test 4.1 to Test 4.3.
For new flow that is local Internet breakout:
Link Steering is Preferred: When the link steering is “Preferred” for a particular WAN link, say GE3 in this example. SD-WAN Edge will select the configured preferred WAN link, regardless what is that WAN link downstream bandwidth utilization. However, the configured preferred WAN link still has to meet the link quality (packet loss, jitter, latency) SLA. If the link quality SLA is not met and there is other GREEN link available, the SD-WAN Edge will select other GREEN link for new flow.
Link Steering is Available: When the link steering is “Available” for a particular WAN link, say GE3 in this example. SD-WAN Edge will select the configured available WAN link, regardless what is that WAN link downstream bandwidth utilization and what is the link quality (packet loss, jitter, latency). In the other words, as long as the configured available WAN link is up, this particular WAN link will be selected. When the configured available WAN link is down and there is other WAN link is up, new traffic flow will use the other WAN link which is up. For example, if GE3 is the configured available WAN link, and when GE3 goes down while GE4 is up, new traffic flow will be using GE4.
Link Steering is Mandatory: When the link steering is “Mandatory” for a particular WAN link, say GE3 in this example, SD-WAN Edge will always select the configured mandatory WAN link for traffic flow. In the situation the configured mandatory WAN link is down, the traffic flow will get dropped. There is no failover to other WAN link when the link steering is Mandatory.