jonhurley2010
Beginner

Viptela AAR behavior vs routing

What is the Viptela behavior of AAR when a single tunnel is degraded and how does this behavior change with routing?

Am I correct in understanding that you choose to use specific routes (no SLA) OR you choose to advertise the same routes from each datacenter and utilize SLA classes to move traffic to a different color?

From: https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_18.1/07Policy_Applications/01Application-Aware_Routing

"You cannot direct traffic to tunnels based on SLA classes."

In an example consisting of a branch and two datacenters, each using private1 and biz-internet transports, RTP traffic is defined in an SLA class that prefers color private1.

What happens to RTP traffic when a branch's BFD probes determine there is too much latency/loss for the SLA class to datacenter 1 only?

1. Assuming routes are ECMP, would it attempt to send traffic to DC2 over private1?

     Or does SLA force a failover to biz-internet and ECMP, ignoring the valid private1 path from Branch to DC2?

2. How does this change if routes advertised are more specific out of DC1 for this RTP flow?

     If there are specific routes advertised from DC1, would it completely stop using private1 color and instead use a remaining color to get to DC1?

4 REPLIES 4
pdavanag
Cisco Employee

AAR is applied to routes/tunnels that are reachable and installed in the device routing table (best path for a prefix is calculated by vSmart and shared to the device).

By default, WAN Edge would do ECMP across multiple links on a per-flow basis to send traffic, if multiple routes have the same metric.

With an AAR policy, you define the:

  • Preferred Color – the selected data traffic is pinned to the chosen WAN transport(s) as long as the transport(s) meets the specified SLA. When multiple WAN transports are selected and the transports satisfy the SLA requirements, the WAN Edge performs ECMP load balancing across the tunnels for the selected data traffic.
  • Backup SLA Preferred Color – the selected data traffic is pinned to the chosen WAN transport(s) only when no transport(s) meets the specified SLA and Strict option is not enabled.
  • Strict – if enabled, the selected data traffic would be dropped if any of the WAN transport(s) doesn’t meet the specified SLA.

So AAR and specific routes can be used together.

Traffic defined in an SLA class that is pinned to a preferred color (non-strict) will switch all of that class traffic to a backup color -- even if only a single tunnel SLA is violated?

1) Service-side prefix routes advertised by the WAN Edge devices are calculated in vSmart based on the OMP best-path algorithm and loop avoidance.
2) vSmart shares the calculated best paths (by default up to 4 equal-cost paths are shared) for a prefix to the WAN router through the OMP protocol; the device installs these routes in its forwarding table (FIB) only if the TLOC to which it points is active.
3) AAR policy is applied to these installed routes.

BFD probes are sent on a per-tunnel basis. If one tunnel violates the SLA, only that tunnel is removed from the preferred path. If any other link on the WAN Edge meets the SLA, that link is taken; if no path meets the specified SLA, then the backup preferred path is chosen.

Also note that if you have multiple policies configured, please remember the policy order of operations, as the AAR policy can be overwritten with other policies.

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Design-2018OCT.pdf

After further testing, if there is an SLA class change/violation and VPN tunnels/BFD sessions remain up over those degraded links, the routes advertised remain in the table as valid. However, the SLA-defined traffic classes will follow the AAR policy, which in the case of more DC1 routes advertised in this example are still advertised over remaining colors.

So depending on the AAR policy defined, this would potentially load balance across the remaining DC1 colors because its routes are still advertised, or potentially just the single backup color for that datacenter if that's what's defined in AAR.

Then if the BFD connections fail (SLA also fails), the routes are marked as invalid. In this example case it's similar in that the remaining routes are still received from the datacenter 1 colors and the SLA class flow behavior is nearly identical to the SLA failure mentioned earlier.

Thank you for helping clarify.
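The selection order described in this thread (installed routes first, then a per-tunnel SLA check, then preferred color, other compliant tunnels, and finally backup color), as an added Python model that is not part of any post and is not Cisco code. The class and function names, SLA thresholds and probe values are constructed for illustration, and the strict and no-backup branches are modelling assumptions marked in the comments.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tunnel:
    remote: str        # remote site the tunnel terminates on
    color: str         # transport color
    bfd_up: bool       # BFD session state (down => TLOC inactive)
    loss_pct: float    # loss measured by BFD probes on this tunnel
    latency_ms: float  # latency measured by BFD probes on this tunnel

@dataclass(frozen=True)
class AarAction:
    max_loss_pct: float
    max_latency_ms: float
    preferred: str
    backup: Optional[str] = None
    strict: bool = False

def select_tunnels(tunnels, route_sites, action):
    """Tunnels a flow in the SLA class may be hashed onto; [] means drop."""
    # Steps 1-2: a route is installed only if vSmart advertised it and its TLOC is active.
    installed = [t for t in tunnels if t.remote in route_sites and t.bfd_up]
    # Step 3: the SLA is checked per tunnel, not per color or per site.
    in_sla = [t for t in installed if t.loss_pct <= action.max_loss_pct
              and t.latency_ms <= action.max_latency_ms]
    preferred = [t for t in in_sla if t.color == action.preferred]
    if preferred:
        return preferred          # ECMP across preferred-color tunnels in SLA
    if in_sla:
        return in_sla             # any other tunnel that still meets the SLA
    if action.strict:
        return []                 # assumption: strict drops when nothing meets the SLA
    backup = [t for t in installed if t.color == action.backup]
    return backup or installed    # assumption: no backup tunnel => ECMP over installed

# Constructed sample: only the private1 tunnel to DC1 is degraded.
TUNNELS = [
    Tunnel("DC1", "private1", True, 0.0, 300.0),
    Tunnel("DC1", "biz-internet", True, 0.0, 40.0),
    Tunnel("DC2", "private1", True, 0.0, 20.0),
    Tunnel("DC2", "biz-internet", True, 0.0, 45.0),
]
RTP = AarAction(max_loss_pct=1.0, max_latency_ms=150.0,
                preferred="private1", backup="biz-internet")

if __name__ == "__main__":
    for sites in ({"DC1", "DC2"}, {"DC1"}):
        chosen = select_tunnels(TUNNELS, sites, RTP)
        print(sorted(sites), "->", [(t.remote, t.color) for t in chosen])
```

The first case is the ECMP-route scenario from the question (the prefix is reachable through both datacenters); the second is the more-specific-route scenario where only DC1 advertises the prefix.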