Configuring Policies for Dynamic Path Steering

For a transport-independent SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. fabric, the SD Branch devices form IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels over all WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. circuits. For your branch setup to work across asymmetric links, a path selection criteria is required to enable Branch Gateways to dynamically choose an upstream path in real-time. To enable Branch Gateways to dynamically steer traffic to an upstream path, you can create WAN policies with specific performance criteria for different types of traffic, so that the best local uplink or optimal path (MPLS Multiprotocol Label Switching. The MPLS protocol speeds up and shapes network traffic flows. or the internet) is used for a given traffic flow.

The dynamic path selection feature allows you to steer and route traffic in real-time and load-balance traffic across available uplinks. For example, you can create policies that would route the most critical traffic, such as voice traffic, through the MPLS network, while the rest of the traffic is load-balanced. You could also set policies to route the voice traffic over uplinks with the least amount of packet loss, while the other types of traffic can be routed to uplinks with the lowest latency.

The Aruba SD Branch solution also supports Forward Error Correction (FEC), the ability to compensate any packet loss during traffic flow. This is achieved by inserting intermittent error recovery or redundant packets in the traffic flow. These redundant packets make up for the lost packets when the link loss quality goes below the configured SLA limit. The uplink works until the packet loss reaches the FEC threshold beyond which it becomes non-compliant. This feature improves applications' performance across the WAN and proves very useful for business-critical applications.

For optimal use of uplink resources, you can configure path steering policies with specific match criteria to choose an uplink. The uplink choice is driven by the parameters in the threshold profile, which include latency, jitter, packet loss, and bandwidth utilization metrics.

How Dynamic Path Selection Works

A dynamic path steering policy serves as a global policy that determine paths for the outgoing corporate and Internet traffic. The policy consists of the following configurable components:

  • Rules—The policy includes a sequential list of rules for traffic steering.
  • Service Level Agreements (SLAs) and Threshold Settings—Each of these rules can be configured with specific threshold settings that are based on SLAs.
  • WAN path preferences—The policy also allows you to set a path preference and enable load balancing of sessions among multiple paths.

The status bar remains gray color when there is no data to display.


The following example illustrates the path selection workflow:

  1. A client device tries to connect to the network.
  2. The authentication server authenticates the client, assigns the employee role, and then directs the client to the SD-WAN Gateway.
  3. The firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. classifies the session as Skype.
  4. The routing for an employee using Skype states that the next-hop is a VPNC and that the paths available are MPLS, INET1, and LTE Long Term Evolution. LTE is a 4G wireless communication standard that provides high-speed wireless communication for mobile phones and data terminals. See 4G..
  5. As Skype is classified as UCC, the policy categorizes it as voice traffic. The policy is configured to use MPLS as the preferred path with an SLA criterion.
  6. If the threshold metrics for MPLS meet the SLA for the voice policy, the session goes through the tunnel that is established using the MPLS uplink.
  7. If at any point in time the measured SLA for MPLS drops, the SD-WAN Gateway steers traffic to another active tunnel.

If none of the uplink group members are compliant with the policies configured, the SD-WAN Gateway chooses the best among the available uplinks.

Configuring a Dynamic Path Steering Policy

The Dynamic Path Steering policy configuration procedure includes the following tasks

Ensure that you configure health check probe destinations and uplinks before configuring the dynamic path steering policies.

  1. Creating a Dynamic Path Steering Policy
  2. Configuring Traffic Specification Rules for an Existing DPS Policy
  3. Configuring SLA Parameters for an Existing DPS Policy
  4. Configuring WAN Path for an Existing DPS Policy
  5. Configuring WAN Policy for Control-Plane Traffic