>
    Prisma SD-WAN Performance Policy
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Performance Policy
    Download PDF

    Prisma SD-WAN Performance Policy

    Table of Contents

    Prisma SD-WAN Performance Policy

    Performance policy utilizes link quality metrics such as Latency, Loss, and Jitter and application performance metrics such as Application RTT and Init failure % as SLA metrics.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license.
    • Physical and virtual ION devices running software version 6.3.1 and higher.
    Measuring application performance and delivering App SLAs is a core component of Prisma SD-WAN. Performance Policy builds upon the existing App SLA configuration to deliver a policy framework for the measurement, enforcement, and alerting for application SLAs.
    Performance Policy utilizes link quality metrics such as Latency, Loss, and Jitter as well as application performance metrics such as Application RTT and Init failure % as SLA metrics. If the SLA metrics are violated, the system takes action to ensure that the SLA is enforced including moving flows to a compliant path (if available) and invoking line conditioning such as Forward Error Correction (FEC) to ensure the SLA is met. Optionally, an incident can be generated for critical applications when an SLA is violated. Although default policies work well for most environments, policies can be granularly tuned per application, path type, DC group, and circuit category to align to the performance needs of the business.
    The system automatically assigns a default policy stack to a site as part of the default policy configuration. You can't remove the default set from the default stack, default rules from the set, or the default threshold profile from rules. Your ability to make changes is limited to editing the actions and thresholds for default policy rules. After you configure a rule, it takes precedence over the default rules based on the order of rules. The default values for Media Apps are set at latency = 150ms, packet loss = 2%, and jitter = 40ms. For all other Apps, default values are latency = 500ms, packet loss = 5%, and jitter = 100ms.
    The following are the Performance Policy functions and supported device software versions:
    FunctionSoftware Version
    Action: Move Flows, Visibility, Incident6.3.1 and later
    Action: Forward Error Correction (FEC)6.3.1 and later / 6.3.2 recommended
    Match Criteria: Application, Transfer Type, Circuit Category, Path Type, Service & DC Group6.3.1 and later
    SLA: Application Metrics, Link Quality Metrics6.3.1 and later
    Action: Packet Duplication6.4.1 and later
    SLA: Service Health Probes6.4.1 and later
    SLA: Incident action for System Metrics; CPU, Memory, Disk, Concurrent Flows, Circuit Utilization6.4.1 and later
    SLA: Application UDP-TRT for DNS, Link Quality MOS6.4.1 and later
    To prevent the need for policy migrations, configuration of a function that is not supported by a specific device version where the policy rule is bound is permitted. However, the device will ignore the configuration for the entire rule if any function is not supported

    Performance Policy Function Matrix

    Refer to the following function matrix to understand the performance policy feature:
    FunctionAction
    Move FlowsVisibilityIncidentFECPacket Duplication
    ActionMove Flows--Combination SupportedCombination SupportedRequiredRequired
    Visibility----Combination SupportedCombination SupportedCombination Supported
    Incident------Combination SupportedCombination Supported
    FEC--------Mutually Exclusive
    Packet Duplication----------
    Match CriteriaApplication ID, Transfer Type----------
    Circuit Category, Path Type----------
    Service & DC Groups----------
    SLAApplication Metrics----------
    Link Quality Metrics----------
    Service Health Probes----------
    System Metrics----------
    FunctionMatch Criteria
    App ID, Transfer TypeCircuit Category, Path TypeService & DC Group
    ActionMove FlowsSupportedSupportedSupported
    VisibilityNot SupportedSupportedSupported
    IncidentSupportedSupportedSupported
    FECSupportedSupportedSupported
    Packet DuplicationSupportedRequiredSupported
    Match CriteriaApplication ID, Transfer Type--Combination SupportedCombination Supported
    Circuit Category, Path Type----Combination Supported
    Service & DC Groups------
    SLAApplication Metrics------
    Link Quality Metrics------
    Service Health Probes------
    System Metrics------
    FunctionSLA
    Application MetricsLink Quality MetricsService Health ProbesSystem Metrics
    ActionMove FlowsSupport for new flows onlySupport for new and existing Fabric VPN flows within the same NAT boundaryICMP - Latency, Loss, Jitter DNS - Transaction Time, Transaction Failure HTTP/S - Transaction Time, Init FailureN/A
    VisibilityNot SupportedSupportedNot SupportedNot Supported
    IncidentSupportedSupportedSupportedSupported
    FECNot SupportedPacket Loss RequiredNot SupportedN/A
    Packet DuplicationNot SupportedPacket Loss RequiredNot SupportedN/A
    Match CriteriaApplication ID, Transfer TypeRequiredSupportedSupportedN/A
    Circuit Category, Path TypeSupportedSupportedSupportedSupported
    Service & DC GroupsSupportedSupportedSupportedN/A
    SLAApplication Metrics--N/AN/AN/A
    Link Quality Metrics----N/AN/A
    Service Health Probes------N/A
    System Metrics--------

    © 2024 Palo Alto Networks, Inc. All rights reserved.