In the modern world, any organization uses a huge number of corporate applications with different requirements for bandwidth and quality characteristics of WAN channels. Video conferencing applications are highly susceptible to packet loss and latency fluctuations on communications links between distributed offices. On the other hand, applications that use the FTP protocol are very tolerant of packet loss, but demanding on bandwidth.
The traditional wide area network (WAN) in the context of working with corporate applications has the following disadvantages:
All applications are transmitted over the same channel, which can easily lead to congestion and have a negative impact, for example, on voice services. Traditional routing technologies and protocols cannot identify applications, let alone route them to channels with different characteristics.
In traditional IP networks, routing protocols focus on packets rather than applications. The fact that an application is reachable does not yet mean that it is working correctly.
There are no effective technologies for improving the quality of communication channels when it deteriorates. The Internet does not provide reliable data transmission, and packet loss leads to a drop in the quality of the services provided.
Addressing these issues in today’s corporate WANs requires a solution that can identify applications and ensure they run efficiently. Huawei offers its SD-WAN solution for this, based on four main technologies, which I would like to dwell on today.
Applications are identified based on the characteristics of the network traffic they generate. This is what makes it possible to apply policies on the customer equipment: security policies, routing to the main or backup communication channel, and quality of service (QoS) assurance. Huawei Customer Premises Equipment (CPE) uses two methods to identify applications – Service Awareness (SA) and First Packet Identification (FPI).
Service Awareness identifies applications by matching the characteristics of the packets they send. For example, web games and web videos use HTTP and port 8080 for data transmission. Traditional devices cannot distinguish these applications by port number or protocol. However, the SA-enabled CPE easily recognizes them by their characteristics and allows the appropriate policies and routing rules to be applied for each.
First Packet Identification identifies the application after receiving the first packet from it. In a classic three-way handshake, an FPI-enabled router is able to recognize an application from a TCP SYN packet in one of two ways — statically or DNS-based.
SA is the more accurate identification method, since it examines key metrics in the packet payload, the rate at which packets are sent, and their consistency. The technology has proven itself with applications that do not use fixed ports. FPI, on the other hand, works with “simple” information – IP address, port number, protocol identifier. This method puts less load on the device and is recommended, for example, in application-based routing scenarios.
Intelligent application-based traffic management
This is one of the most important functions of Huawei SD-WAN. The technology monitors network quality in real time and automatically selects a route that meets the SLA requirements of a particular application. Moreover, the intelligent application-based routing engine understands, evaluates and takes into account the overall performance of the corporate WAN. Huawei SD-WAN uses several intelligent management algorithms:
Link quality-based traffic steering
Applications have different requirements for communication quality. For voice and video services, latency should not exceed 150ms and packet loss should be less than 1%. For such services, you can choose the main MPLS channel with guaranteed quality of communication, and use the Internet channel as a backup, remembering to adjust the limits of the allowable delay and loss values at which the switch to the backup channel will occur.
As shown in the figure, the voice stream uses MPLS (channel #1) as the main one. It is monitored in real time by the terminal equipment (CPE). As soon as the quality of channel #1 – for example, due to load – no longer meets the requirements, the CPE automatically migrates the voice traffic to channel #2, which does meet the SLA requirements.
Bandwidth utilization-based traffic steering
This algorithm is applicable in two scenarios:
When the bandwidth of the channel reaches its maximum, or the remaining bandwidth falls below the threshold value, new traffic from the selected applications is no longer sent over this channel, so as not to degrade application performance.
The channel bandwidth is reserved for high-priority applications. To prevent overload, you can configure a limit at which traffic from these applications is switched to the backup communication channel.
The diagram shows how the video service loads the bandwidth. When the channel utilization exceeds 80%, to ensure the correct operation of the application, we can configure the transmission of video traffic in parallel over the second channel.
Load balancing-based traffic steering
Let’s say an organization uses two MPLS links from different providers and wants to utilize the bandwidth of both. To do this, it is enough to add both channels to the main group for voice service on the terminal router (CPE). If the quality of the channels meets the SLA requirements, the streams will be balanced between MPLS.
Application priority-based traffic steering
If traffic of several types of services is carried over the same communication line, this algorithm provides an advantage to higher priority applications. For example, voice, video and files are transmitted over the MPLS channel. If its bandwidth is insufficient, preference is given to voice and video services.
In the diagram, the quality of the MPLS channel is better than that of the Internet connection. To take full advantage of the MPLS channel, it is configured as the primary link and the Internet channel as the secondary link. The priority of the voice service is higher than that of the FTP service. Initially, both voice and FTP services are transported over the MPLS channel. As traffic increases, the MPLS link becomes congested. To maintain voice quality, FTP traffic is automatically redirected to the Internet channel until the MPLS channel load returns to optimal performance.
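The four steering algorithms above can be expressed as one small decision routine. The following is an added illustration, not Huawei code or any part of the article: links carry measured latency, loss and load, each application has an SLA, a priority, a main link group and a backup group, and the 80% utilization threshold is the one from the article's example (all names, fields and figures are assumptions).

```python
from dataclasses import dataclass, replace

UTIL_THRESHOLD_PCT = 80.0   # from the article's example; a tunable in practice

@dataclass
class Link:
    name: str
    capacity_mbps: float
    load_mbps: float        # load already carried, as measured by the CPE
    latency_ms: float
    loss_pct: float

    def utilization_after(self, extra_mbps: float) -> float:
        return 100.0 * (self.load_mbps + extra_mbps) / self.capacity_mbps

@dataclass
class App:
    name: str
    priority: int           # higher value wins when link capacity is scarce
    demand_mbps: float
    max_latency_ms: float   # SLA limits, e.g. 150 ms and 1% loss for voice
    max_loss_pct: float
    primary: list           # link names in the main group
    backup: list            # link names in the backup group

def meets_sla(link: Link, app: App) -> bool:
    return link.latency_ms <= app.max_latency_ms and link.loss_pct <= app.max_loss_pct

def steer(apps, links):
    """Return {app name: link name}. Apps are placed in descending priority, so
    high-priority traffic claims the main group first (priority-based steering).
    Each app takes the least loaded link (load balancing) of the first group, main
    then backup, whose links meet its SLA (quality-based) and would stay under
    UTIL_THRESHOLD_PCT after accepting the flow (utilization-based); otherwise
    the app stays on the least loaded link of its main group."""
    by_name = {l.name: replace(l) for l in links}      # work on copies
    placement = {}
    for app in sorted(apps, key=lambda a: a.priority, reverse=True):
        chosen = None
        for group in (app.primary, app.backup):
            ok = [by_name[n] for n in group if meets_sla(by_name[n], app)
                  and by_name[n].utilization_after(app.demand_mbps) <= UTIL_THRESHOLD_PCT]
            if ok:
                chosen = min(ok, key=lambda l: l.load_mbps / l.capacity_mbps)
                break
        if chosen is None:
            chosen = min((by_name[n] for n in app.primary), key=lambda l: l.load_mbps)
        chosen.load_mbps += app.demand_mbps             # account for the placed flow
        placement[app.name] = chosen.name
    return placement
```

With an MPLS link at 70% load and a 20 Mb/s FTP flow, voice (5 Mb/s) stays on MPLS at 75% while FTP is pushed to the Internet link, which is the article's priority scenario; raising MPLS latency above 150 ms moves voice to the Internet link instead.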
QoS (Quality of Service)
The third technology that “takes care” of applications, and one familiar to everyone, is QoS (Quality of Service). In Huawei’s SD-WAN, QoS plays a key role, providing a variety of functions for underlay and overlay networks. The difference is that QoS functions are now managed by the iMaster NCE controller, which greatly simplifies their configuration and use. There are two typical scenarios here:
Enterprise Application Priority Management
As mentioned above, today a huge number of corporate applications with different requirements for the quality of communication lines live in the enterprise network. When bandwidth is insufficient, the efficient operation of critical applications must be guaranteed first and foremost. For this, the queue scheduling mechanism is used, which determines the position in the queues of services with different priorities.
Differentiation of channel bandwidth between departments
Enterprises are made up of numerous departments. For security purposes, each department’s traffic is isolated, and depending on the applications “living” in it, the department is allocated the corresponding bandwidth.
The figure shows an example where the total bandwidth of the physical channel is 100 Mb/s. Department #1 and department #2 are allocated 40% and 60% of the capacity, respectively. At the same time, departments can use each other’s free resources.
The ratio of the used bandwidth between Internet access and intersite interaction for department #1 is 4:6, for department #2 – 3:7. If congestion occurs on the physical links, the minimum throughput is guaranteed based on this ratio.
Huawei SD-WAN supports traffic classification based on the IP 5-tuple, application groups and DSCP value, and three types of QoS policies (priority-based scheduling, traffic policing, and traffic shaping). Hierarchical QoS (HQoS) is also supported.
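The department example above can be worked through numerically with a simplified model of HQoS. The code below is an added example, not Huawei's implementation: it models the link as a tree of classes with weights (40/60 for the departments, 4:6 and 3:7 inside them), splits capacity by weighted max-min fairness, and lets a department's unused share flow to its sibling, as the article describes. Class names, demands and the water-filling routine are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class QosClass:           # node of the HQoS tree: the link, a department, or a leaf
    name: str
    weight: float         # share relative to siblings (40/60, 4:6, 3:7)
    demand: float = None  # offered load in Mb/s, leaves only
    children: list = field(default_factory=list)
    def total_demand(self):
        return self.demand if not self.children else sum(c.total_demand() for c in self.children)

def weighted_fair_share(capacity, weights, demands):
    """Weighted max-min (water-filling) split of capacity: a class never gets more than
    it demands, and what it leaves unused is re-split among the others by weight."""
    alloc = [0.0] * len(weights)
    active = list(range(len(weights)))
    remaining = float(capacity)
    while active:
        total_w = sum(weights[i] for i in active)
        share = {i: remaining * weights[i] / total_w for i in active}
        done = [i for i in active if demands[i] <= share[i]]
        if not done:                  # every remaining class is bottlenecked
            for i in active:
                alloc[i] = share[i]
            break
        for i in done:                # satisfied classes take only what they need
            alloc[i] = demands[i]
            remaining -= demands[i]
        active = [i for i in active if i not in done]
    return alloc

def allocate(node, capacity, out=None):
    """Walk the tree top-down, giving each child its fair share of the parent's capacity."""
    out = {} if out is None else out
    if not node.children:
        out[node.name] = min(capacity, node.demand)
        return out
    shares = weighted_fair_share(capacity, [c.weight for c in node.children],
                                 [c.total_demand() for c in node.children])
    for child, share in zip(node.children, shares):
        allocate(child, share, out)
    return out

def article_tree(d1_inet, d1_site, d2_inet, d2_site):
    """The article's example: departments get 40/60 of the link, sub-ratios 4:6 and 3:7."""
    return QosClass("link", 1, children=[
        QosClass("dept1", 40, children=[QosClass("dept1/internet", 4, d1_inet),
                                        QosClass("dept1/intersite", 6, d1_site)]),
        QosClass("dept2", 60, children=[QosClass("dept2/internet", 3, d2_inet),
                                        QosClass("dept2/intersite", 7, d2_site)])])
```

With every class saturated, `allocate(article_tree(100, 100, 100, 100), 100)` yields 16/24 Mb/s for department #1 and 18/42 Mb/s for department #2; if department #2 only offers 20 Mb/s, department #1 grows to 80 Mb/s, split 32/48.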
The term WAN optimization covers the fourth pool of protocols and technologies in the Huawei SD-WAN solution that ensure the quality of applications in the corporate WAN. Let’s talk a little about each.
Huawei Forward Error Correction (FEC)
This technology allows you to classify traffic, pick out specific data streams, add redundant packets with check fields, and verify the order in which packets arrive on the opposite side.
If a packet is lost or damaged during transmission over the network, the technology makes it possible to use the redundant packet for recovery. FEC applies Reed-Solomon (RS) coding on the transmitting router. The redundant packets are generated from the original ones, and then FEC sends both the original and the redundant packets to the receiving router. If original packets are lost, the receiving side recovers them from the redundant ones.
The most popular scenario for using FEC is video conferencing between distributed sites, but nothing prevents using the technology to improve the efficiency of any corporate application. Just remember that FEC is very demanding on processor resources, so it is recommended only for truly critical services.
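To show the recovery step concretely, here is an added example that is not Huawei's FEC implementation and does not use Reed-Solomon: it substitutes the simplest possible code, one XOR parity packet per block of k packets, which can repair exactly one lost packet per block, the way an RS code repairs up to its number of redundant packets. Packet layout, field names and the sample voice frames are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FecPacket:
    group: int      # FEC block the packet belongs to
    index: int      # 0..n_data-1 for data packets, n_data for the parity packet
    n_data: int     # number of data packets in the block
    length: int     # data: real payload length; parity: XOR of the data lengths
    payload: bytes  # padded with NULs to the block's widest payload

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def fec_encode(payloads, k):
    """Group payloads into blocks of k and append one XOR parity packet per block."""
    out = []
    for gid, start in enumerate(range(0, len(payloads), k)):
        block = payloads[start:start + k]
        width = max(len(p) for p in block)
        parity, xlen = bytes(width), 0
        for i, p in enumerate(block):
            padded = p.ljust(width, b"\0")
            out.append(FecPacket(gid, i, len(block), len(p), padded))
            parity, xlen = xor_bytes(parity, padded), xlen ^ len(p)
        out.append(FecPacket(gid, len(block), len(block), xlen, parity))
    return out

def fec_decode(received):
    """Rebuild the payload list in order. A block that lost exactly one data packet
    is repaired by XORing the survivors (data and parity); a block that lost more
    than one packet yields None for each missing payload, as retransmission would
    then be needed."""
    blocks = {}
    for p in received:
        blocks.setdefault(p.group, {})[p.index] = p
    result = []
    for gid in sorted(blocks):
        pkts = blocks[gid]
        n = next(iter(pkts.values())).n_data
        lost = [i for i in range(n + 1) if i not in pkts]
        if len(lost) == 1 and lost[0] < n:
            width = len(next(iter(pkts.values())).payload)
            acc, xlen = bytes(width), 0
            for p in pkts.values():
                acc, xlen = xor_bytes(acc, p.payload), xlen ^ p.length
            pkts[lost[0]] = FecPacket(gid, lost[0], n, xlen, acc)
        result += [pkts[i].payload[:pkts[i].length] if i in pkts else None
                   for i in range(n)]
    return result
```

The overhead is one extra packet per block, which is the bandwidth and CPU cost the article warns about; a smaller k recovers from denser loss at the price of more redundancy.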
Duplication of packets on different channels (Multi-path packet duplication)
Also known as dual-fed selective receiving, this technology also helps combat packet loss. The sending router duplicates the packet, and then sends the original and duplicated packets over two different communication channels. If a loss occurs on one channel, the router on the receiving side recovers the lost packet using the duplicated packet from the other channel, which eliminates the need for retransmission.
The third technology in the WAN optimization group helps optimize channel utilization by using multiple links to speed up packet transmission. Load balancing works in two modes – per-packet and per-flow.
In per-flow mode, data streams are distributed over different transmission channels based on a hashing algorithm. Balancing takes place between the physical links in the aggregation group. However, the packets of one stream cannot be spread over multiple communication channels.
In per-packet mode, a stream is split into packets, and the packets of the same stream can travel to the destination over different communication channels. Thus, multiple channels are fully utilized even for a single type of stream, speeding up data transfer.
It remains to recall that the advanced SD-WAN technologies reflected in Huawei’s solutions significantly affect the quality with which corporate services are delivered. Their availability and efficiency determine, first of all, not the technical parameters described in numerous SLAs, but the performance of real business processes. And those, in turn, determine the competitiveness of the organization and its opportunities for further development.