
[V18 SD WAN] Application routing does not work

Hello,

I am currently testing the SD WAN functionalities, and one of the most interesting things for me does not work in our lab...

Let's imagine I have two WAN links, one production and one backup, configured in the WAN link manager as active/backup.

I don't want Streaming Application to be routed by the backup link, so I created this SD WAN policy.

(Heavy traffic includes the category Streaming Application.)

=> When the production link ADSL is disconnected, I have access to YouTube (for example) through the backup link.

YouTube Video is correctly identified in the application list, and should not be routed through the backup link... but it does!

Any ideas?

 

 



This thread was automatically locked due to age.
  • Hello,

    Thanks for the links, but this does not help me solve this issue. I followed the video to build my SD route policy, which is the exact thing I want to do!

    But this does not work: streaming is routed regardless of the policy through the backup link.

  • Same thing is happening to me. I followed the information in the video, but all traffic is still going to a single WAN interface.

    My goal:

    • all streaming to go to a specific WAN link (DSL)
    • all other traffic to the main WAN link (LTE)

    Based on the System Graphs, XG is simply not routing the streaming traffic to the other interface.

     

     

     

  • Hi,

    Looking at your rules, you have them in the wrong order, but it is very difficult to tell because you have masked the internal IP addresses.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Both rules use the same subnet, as I'm trying to target only applications. In other words, different applications from the same addresses.

    Since the web sites that drive streaming traffic generally use HTTPS (e.g. YouTube) I figured I'd put the rule for streaming traffic first.

  • Hi,

    With that rule order nothing will get to the second rule, so as it is the https and http will go out the any rule.

    Ian


  • Some more information.

    I have created a rule for ICMP so it's easier to test. A tracert to google.com responds exactly the way I would expect the rule to work; when I set the gateway to DSL (Verizon) it follows that route and when I set it to LTE it uses Sprint. The results are very consistent:

    6 64 ms 50 ms 50 ms sl-crs1-dc-.sprintlink.net 
    7 76 ms 41 ms 38 ms sl-mst30-ash-be14.sprintlink.net

     

    4 40 ms 35 ms 38 ms g101-0-0-2.rcmdva-lcr-22.verizon-gni.net

     

    In other words, the routing engine functions properly. However, targeting applications fails.

    I have not yet tried separating other types of traffic.

  • > with that rule order nothing will get to the second rule, so as it is the https and http will go out the any rule.

    What I have now is:

    1. Rule 1 - criterion is Application (Streaming). WAN interface: DSL
    2. Rule 2 - HTTP and HTTPS. WAN interface: LTE

    I assumed that the application/streaming rule would take precedence since it's the first rule.

    Are you saying that rule 2 (HTTP/HTTPS) takes precedence even though the first rule specifies the application?

    If this is the case, how would I configure the rules so Streaming is routed to a specific interface?

  • Hi,

    What I am saying is the rule order takes precedence, not the rule number. You had "any" service in the higher placed rule which would allow http/s out.

    Also I assume you have a linked NAT rule for each firewall rule?

    Ian


  • > what I am saying is the rule order takes precedence, not the rule number. You had "any" service in the higher placed rule which would allow http/s out.
    >
    > Also I assume you have a linked NAT rule for each firewall rule?

     

    OK - I understand where you're coming from now. However, the first rule "Force streaming to DSL", while having the criterion "any service", does have the Application Object set to "Streaming Media".

    That's why I figured this rule would fire on streaming media.

    As far as the NAT config, I'd have to take a look. I haven't looked at it since I upgraded from v17.

     

  • Hi Arie,

    This is a comment and I cannot remember where I got it from: "The application function in a firewall rule is primarily designed as DENY and is not very good at ALLOW."

    I would suggest you change your destination to some streaming sites and add the ports they use to improve your testing.

    Ian
