The Business Intent Overlay (BIO) is the one of the most important components for application matching and forwarding.
Each BIO can be configured differently depending on application flow requirements. However, if prerequisites for traffic going through the overlay are not met—including proper interface labels, application identification, and templates assigned—then creating an overlay is not enough.
If prerequisites are met and an application is not behaving as expected or not going through the overlay at all, there are typically three ways to match traffic coming into an overlay and troubleshoot:
- Overlay ACLs (recommended). Overlay ACLs are the most often used option for BIO configuration, so if application traffic is not matched to the correct overlay, this should be the first troubleshooting consideration. Validate the overlay configuration by addressing the following potential issues:
- Is the application assigned to the correct overlay?
- Does it have the correct permissions?
- Because ACLs are per overlay, has the correct ACL been created for the correct overlay?
- Appliance ACLs. These are configured on each appliance, and can be applied to either a single appliance or a group of appliances. If an appliance ACL was created, make sure traffic coming from the LAN is properly matched into the Appliance ACL.
- LAN Port Labels. If LAN port labels are used, traffic is routed based on the matching label.
|Traffic matching into wrong BIO.||Make sure the traffic is being identified as the intended application. If it is, review BIO match criteria to verify that the application is in the list.Appliances match traffic from the top BIO to the bottom one. Drag and drop the overlays to reorder if needed.Make sure the overlay is applied on the Configuration > Apply Overlays tab.|
|Traffic not taking desired path.||Make sure desired interfaces are primary for the overlay. Review circuit performance for provider issues.Review the Bonding Policy configuration and make any required changes.|