Prisma SD-WAN Performance Policy
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Prisma SD-WAN Incidents and Alerts
Prisma SD-WAN Performance Policy
Performance policy utilizes link quality metrics such as Latency, Loss, and Jitter
and application performance metrics such as Application RTT and Init failure % as SLA
metrics.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Measuring application performance and delivering App SLAs is a core component of Prisma
SD-WAN. Performance Policy builds upon the existing App SLA configuration to deliver a
policy framework for the measurement, enforcement, and alerting for application SLAs.
Performance Policy utilizes link quality metrics such as Latency, Loss, and
Jitter as well as application performance metrics such as Application RTT and Init
failure % as SLA metrics. If the SLA metrics are violated, the system takes action to
ensure that the SLA is enforced including moving flows to a compliant path (if
available) and invoking line conditioning such as Forward Error Correction (FEC)
to ensure the SLA is met. Optionally, an incident can be generated for critical
applications when an SLA is violated. Although default policies work well for most
environments, policies can be granularly tuned per application, path type, DC group, and
circuit category to align to the performance needs of the business.
The system automatically assigns a default policy stack to a site as part of the default
policy configuration. You can't remove the default set from the default stack, default
rules from the set, or the default threshold profile from rules. Your ability to make
changes is limited to editing the actions and thresholds for default policy rules. After
you configure a rule, it takes precedence over the default rules based on the order of
rules. The default values for Media Apps are set at latency = 150ms, packet loss = 2%,
and jitter = 40ms. For all other Apps, default values are latency = 500ms, packet loss =
5%, and jitter = 100ms.
The following are the Performance Policy functions and supported device software
versions:
| Function | Software Version |
|---|---|
| Action: Move Flows, Visibility, Incident | 6.3.1 and later |
| Action: Forward Error Correction (FEC) | 6.3.1 and later / 6.3.2 recommended |
| Match Criteria: Application, Transfer Type, Circuit Category, Path Type, Service & DC Group | 6.3.1 and later |
| SLA: Application Metrics, Link Quality Metrics | 6.3.1 and later |
| Action: Packet Duplication | 6.4.1 and later |
| SLA: Service Health Probes | 6.4.1 and later |
| SLA: Incident action for System Metrics; CPU, Memory, Disk, Concurrent Flows, Circuit Utilization | 6.4.1 and later |
| SLA: Application UDP-TRT for DNS, Link Quality MOS | 6.4.1 and later |
To prevent the need for policy migrations,
configuration of a function that is not supported by a specific device version where
the policy rule is bound is permitted. However, the device will ignore the
configuration for the entire rule if any function is not supported
Performance Policy Function Matrix
Refer to the following function matrix to understand the performance policy
feature:
| Function | Action | |||||
|---|---|---|---|---|---|---|
| Move Flows | Visibility | Incident | FEC | Packet Duplication | ||
| Action | Move Flows | -- | Combination Supported | Combination Supported | Required | Required |
| Visibility | -- | -- | Combination Supported | Combination Supported | Combination Supported | |
| Incident | -- | -- | -- | Combination Supported | Combination Supported | |
| FEC | -- | -- | -- | -- | Mutually Exclusive | |
| Packet Duplication | -- | -- | -- | -- | -- | |
| Match Criteria | Application ID, Transfer Type | -- | -- | -- | -- | -- |
| Circuit Category, Path Type | -- | -- | -- | -- | -- | |
| Service & DC Groups | -- | -- | -- | -- | -- | |
| SLA | Application Metrics | -- | -- | -- | -- | -- |
| Link Quality Metrics | -- | -- | -- | -- | -- | |
| Service Health Probes | -- | -- | -- | -- | -- | |
| System Metrics | -- | -- | -- | -- | -- | |
| Function | Match Criteria | |||
|---|---|---|---|---|
| App ID, Transfer Type | Circuit Category, Path Type | Service & DC Group | ||
| Action | Move Flows | Supported | Supported | Supported |
| Visibility | Not Supported | Supported | Supported | |
| Incident | Supported | Supported | Supported | |
| FEC | Supported | Supported | Supported | |
| Packet Duplication | Supported | Required | Supported | |
| Match Criteria | Application ID, Transfer Type | -- | Combination Supported | Combination Supported |
| Circuit Category, Path Type | -- | -- | Combination Supported | |
| Service & DC Groups | -- | -- | -- | |
| SLA | Application Metrics | -- | -- | -- |
| Link Quality Metrics | -- | -- | -- | |
| Service Health Probes | -- | -- | -- | |
| System Metrics | -- | -- | -- | |
| Function | SLA | ||||
|---|---|---|---|---|---|
| Application Metrics | Link Quality Metrics | Service Health Probes | System Metrics | ||
| Action | Move Flows | Support for new flows only | Support for new and existing Fabric VPN flows within the same NAT boundary | ICMP - Latency, Loss, Jitter DNS - Transaction Time, Transaction Failure HTTP/S - Transaction Time, Init Failure | N/A |
| Visibility | Not Supported | Supported | Not Supported | Not Supported | |
| Incident | Supported | Supported | Supported | Supported | |
| FEC | Not Supported | Packet Loss Required | Not Supported | N/A | |
| Packet Duplication | Not Supported | Packet Loss Required | Not Supported | N/A | |
| Match Criteria | Application ID, Transfer Type | Required | Supported | Supported | N/A |
| Circuit Category, Path Type | Supported | Supported | Supported | Supported | |
| Service & DC Groups | Supported | Supported | Supported | N/A | |
| SLA | Application Metrics | -- | N/A | N/A | N/A |
| Link Quality Metrics | -- | -- | N/A | N/A | |
| Service Health Probes | -- | -- | -- | N/A | |
| System Metrics | -- | -- | -- | -- | |