Round-Robin-Based Maximize Bandwidth (SLA)
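Important
ADVPN does not currently support Maximize Bandwidth (SLA) mode.
Concepts
SLA
A Service-Level Agreement (SLA) is an agreement between a service provider and a customer that guarantees measurable network performance meets a defined quality of service. SD-WAN path selection is judged against this SLA quality standard: SD-WAN rules keep traffic leaving on links that meet the SLA quality, so that the SLA requirements of the business or customer are met.
SLA-Target
SD-WAN can define SLA targets that set the minimum guaranteed latency, jitter and packet loss. As soon as a link exceeds the guaranteed values set by the SLA targets, traffic switches immediately to another link, so that service at the SLA-target quality level continues to be provided.
An SLA target has three types of threshold: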
Latency (ms)
Jitter (ms)
Packet Loss (%)

config system sdwan
    config health-check
        edit "114_Check"
            set server "114.114.114.114"
            set members 0
            config sla
                edit 1
                    set latency-threshold 200
                    set packetloss-threshold 2
                next
                edit 2
                    set latency-threshold 250
                    set jitter-threshold 10
                    set packetloss-threshold 5
                next
                edit 3
                    set latency-threshold 300
                    set jitter-threshold 15
                    set packetloss-threshold 8
                next
            end
        next
    end
end
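3. Both Lowest Cost (SLA) and Maximize Bandwidth (SLA) need to reference an SLA target, and make their decisions and path selection based on it.
Path selection principles
Only egress interfaces that meet the SLA targets are eligible for selection; an interface that falls short of the SLA targets is removed from the selection list.
If several interfaces meet the SLA targets, SD-WAN traffic is load-balanced across them according to the configured load-balancing method, so as to maximize bandwidth utilization.
The supported load-balancing methods are round-robin (default), source-ip-based, source-dest-ip-based, inbandwidth, outbandwidth and bibandwidth.
This article uses round-robin mode as the example: all traffic is distributed in equal shares, in rotating order, across the member interfaces in the SD-WAN rule (provided the interface meets the SLA target).
Maximize Bandwidth (SLA) works on the basis of SLA targets. First configure the specific SLA targets in the SD-WAN health check, then select the corresponding SLA targets in the SD-WAN rule. Only egress interfaces that meet the selected SLA targets are evaluated by the SD-WAN rule and used to forward outbound traffic. Every interface that meets the SLA targets is used for forwarding, and multiple interfaces are load-balanced according to the configured load-balancing method.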
Configuration example
Network topology

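Configuration steps
There is no need to configure an estimated bandwidth on the SD-WAN member interfaces. When a Maximize Bandwidth (SLA) SD-WAN rule uses round-robin as its hash-mode (the default), SD-WAN does not take interface bandwidth utilization into account; it sends traffic in round-robin fashion to the member interfaces that meet the SLA target.
Define the SD-WAN member interfaces.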

config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "port2"
            set gateway 202.100.1.192
        next
        edit 2
            set interface "port3"
            set gateway 101.100.1.192
        next
        edit 3
            set interface "port4"
            set gateway 111.100.1.192
        next
        edit 4
            set interface "PPPOE1_DR_PENG"
        next
    end
end
Configure the default route associated with SD-WAN.

config router static
    edit 1
        set distance 1
        set sdwan-zone "virtual-wan-link"
    next
end
Configure the health check; the SLA target monitors latency and packet loss to Alibaba Cloud.

config system sdwan
    config health-check
        edit "Aliyun"
            set server "cn.aliyun.com"
            set members 1 2 3
            config sla
                edit 1
                    set link-cost-factor latency packet-loss
                    set latency-threshold 120
                    set packetloss-threshold 2
                next
            end
        next
    end
end
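Configure the SD-WAN rule. The destination is the Alibaba Cloud Internet services, and the rule references the SLA target configured in the previous step. The default load-balancing method is round-robin, and the method can only be changed in the CLI.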

config system sdwan
    config service
        edit 1
            set name "To_Aliyun"
            set mode load-balance
            set hash-mode round-robin    //default load-balancing method is round-robin, i.e. per-session load balancing
            set src "LAN_192.168.10.0"
            set internet-service enable
            set internet-service-name "Alibaba-Alibaba.Cloud" "Alibaba-DNS" "Alibaba-ICMP" "Alibaba-NTP" "Alibaba-SSH" "Alibaba-Web"
            config sla
                edit "Aliyun"
                    set id 1
                next
            end
            set priority-members 1 2 3
        next
    end
end
Configure a firewall policy that allows the SD-WAN traffic.
Important
If you use an ippool for SNAT in an SD-WAN environment, you must configure an associated interface under the ippool, so that the ippool is not used for translation on the wrong SD-WAN member.
config firewall ippool
    edit xxxx
        set associated-interface port2
    next
end
config firewall policy
    edit 1
        set name "To_Internet"
        set srcintf "port8"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "LAN_192.168.10.0"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
        set application-list "default"
        set logtraffic all
        set nat enable
    next
end
Verifying the results
Check the health-check status; all three links are in the alive state.
SDWAN # diagnose sys sdwan health-check
Health Check(Aliyun):
Seq(1 port2): state(alive), packet-loss(0.000%) latency(29.467), jitter(1.361), bandwidth-up(9999998), bandwidth-dw(9999998), bandwidth-bi(19999996) sla_map=0x1
Seq(2 port3): state(alive), packet-loss(0.000%) latency(29.235), jitter(1.343), bandwidth-up(9999997), bandwidth-dw(9999995), bandwidth-bi(19999992) sla_map=0x1
Seq(3 port4): state(alive), packet-loss(0.000%) latency(29.169), jitter(1.304), bandwidth-up(9999998), bandwidth-dw(9999998), bandwidth-bi(19999996) sla_map=0x1
Check the SD-WAN rule status.
SDWAN # diagnose sys sdwan service
Service(1): Address Mode(IPV4) flags=0x200 use-shortcut-sla
  Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance hash-mode=round-robin)
  Members(3):
    1: Seq_num(1 port2), alive, sla(0x1), gid(2), num of pass(1), selected
    2: Seq_num(2 port3), alive, sla(0x1), gid(2), num of pass(1), selected
    3: Seq_num(3 port4), alive, sla(0x1), gid(2), num of pass(1), selected
  Internet Service(6): Alibaba-Alibaba.Cloud(6881402,0,0,0) Alibaba-DNS(6881283,0,0,0) Alibaba-ICMP(6881282,0,0,0) Alibaba-NTP(6881288,0,0,0) Alibaba-SSH(6881286,0,0,0) Alibaba-Web(6881281,0,0,0)
  Src address(1):
    192.168.10.0-192.168.10.255
Check the SD-WAN rule in the policy route list; the interfaces that meet the SLA target are used for per-session load balancing.
SDWAN # diagnose firewall proute list
list route policy info(vf=root):
id=2133458945(0x7f2a0001) vwl_service=1(To_Aliyun) vwl_mbr_seq=1 2 3 dscp_tag=0xff 0xff flags=0x10 load-balance hash-mode=round-robin tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(3) oif=4(port2) num_pass=1 oif=5(port3) num_pass=1 oif=6(port4) num_pass=1
source(1): 192.168.10.0-192.168.10.255
destination wildcard(1): 0.0.0.0/0.0.0.0
internet service(6): Alibaba-Alibaba.Cloud(6881402,0,0,0) Alibaba-DNS(6881283,0,0,0) Alibaba-ICMP(6881282,0,0,0) Alibaba-NTP(6881288,0,0,0) Alibaba-SSH(6881286,0,0,0) Alibaba-Web(6881281,0,0,0)
hit_count=25 last_used=2023-01-03 22:49:28
Check the routing table.
SDWAN # get router info routing-table all
...
S*      0.0.0.0/0 [1/0] via 101.100.1.192, port3, [1/0]
                  [1/0] via 111.100.1.192, port4, [1/0]
                  [1/0] via 114.100.1.196, PPPOE1_DR_PENG, [1/0]
                  [1/0] via 202.100.1.192, port2, [1/0]
...
Check the traffic log on the SD-WAN device: when clients access Alibaba Cloud services, the sessions are distributed across the three links by the round-robin algorithm.

Link failover test
Make the latency of port2 exceed the SLA target.
SDWAN # diagnose sys sdwan health-check
Health Check(Aliyun):
Seq(1 port2): state(alive), packet-loss(0.000%) latency(187.104), jitter(0.777), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x0    //exceeds the SLA target value
Seq(2 port3): state(alive), packet-loss(0.000%) latency(28.857), jitter(0.705), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x1
Seq(3 port4): state(alive), packet-loss(0.000%) latency(28.824), jitter(0.750), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x1
Check the SD-WAN rule status: port2 does not meet the SLA target and is removed from the interface list, and its SLA flag is set to 0x0.
SDWAN # diagnose sys sdwan service
Service(1): Address Mode(IPV4) flags=0x200 use-shortcut-sla
  Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance hash-mode=round-robin)
  Members(3):
    1: Seq_num(2 port3), alive, sla(0x1), gid(2), num of pass(1), selected
    2: Seq_num(3 port4), alive, sla(0x1), gid(2), num of pass(1), selected
    3: Seq_num(1 port2), alive, sla(0x0), gid(2), num of pass(0), selected    //does not meet the SLA target; removed from the interface list, SLA flag set to 0x0
  Internet Service(6): Alibaba-Alibaba.Cloud(6881402,0,0,0) Alibaba-DNS(6881283,0,0,0) Alibaba-ICMP(6881282,0,0,0) Alibaba-NTP(6881288,0,0,0) Alibaba-SSH(6881286,0,0,0) Alibaba-Web(6881281,0,0,0)
  Src address(1):
    192.168.10.0-192.168.10.255
Check the policy route list: num_pass for port2 is 0, so it is not used for forwarding.
SDWAN # diagnose firewall proute list
list route policy info(vf=root):
id=2133458945(0x7f2a0001) vwl_service=1(To_Aliyun) vwl_mbr_seq=2 3 1 dscp_tag=0xff 0xff flags=0x10 load-balance hash-mode=round-robin tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(3) oif=5(port3) num_pass=1 oif=6(port4) num_pass=1 oif=4(port2) num_pass=0    //port2 is not used for forwarding
source(1): 192.168.10.0-192.168.10.255
destination wildcard(1): 0.0.0.0/0.0.0.0
internet service(6): Alibaba-Alibaba.Cloud(6881402,0,0,0) Alibaba-DNS(6881283,0,0,0) Alibaba-ICMP(6881282,0,0,0) Alibaba-NTP(6881288,0,0,0) Alibaba-SSH(6881286,0,0,0) Alibaba-Web(6881281,0,0,0)
hit_count=86 last_used=2023-01-04 00:02:56
Check the traffic log on the SD-WAN device: client traffic to Alibaba Cloud is load-balanced across port3 and port4 and is not sent to port2.

If port2, port3 and port4 all fail to meet the SLA target, how does the SD-WAN rule choose the egress interface? Adjust the latency of all three links so that none of them meets the SLA target.
SDWAN # diagnose sys sdwan health-check
Health Check(Aliyun):
Seq(1 port2): state(alive), packet-loss(0.000%) latency(182.008), jitter(2.069), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x0
Seq(2 port3): state(alive), packet-loss(0.000%) latency(139.951), jitter(2.078), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x0
Seq(3 port4): state(alive), packet-loss(0.000%) latency(168.968), jitter(2.055), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x0
The answer: if none of the three meets the SLA target, traffic is still forwarded with per-session load balancing across port2, port3 and port4.
Check the SD-WAN rule status; all three links are selected.
SDWAN # diagnose sys sdwan service
Service(1): Address Mode(IPV4) flags=0x200 use-shortcut-sla
  Gen(4), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance hash-mode=round-robin)
  Members(3):
    1: Seq_num(1 port2), dead, sla(0x0), gid(1), num of pass(0), selected
    2: Seq_num(2 port3), alive, sla(0x0), gid(2), num of pass(0), selected
    3: Seq_num(3 port4), alive, sla(0x0), gid(2), num of pass(0), selected
  Internet Service(6): Alibaba-Alibaba.Cloud(6881402,0,0,0) Alibaba-DNS(6881283,0,0,0) Alibaba-ICMP(6881282,0,0,0) Alibaba-NTP(6881288,0,0,0) Alibaba-SSH(6881286,0,0,0) Alibaba-Web(6881281,0,0,0)
  Src address(1):
    192.168.10.0-192.168.10.255
Check the policy route list.
SDWAN # diagnose firewall proute list
list route policy info(vf=root):
id=2133458945(0x7f2a0001) vwl_service=1(To_Aliyun) vwl_mbr_seq=1 2 3 dscp_tag=0xff 0xff flags=0x10 load-balance hash-mode=round-robin tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(3) oif=4(port2) num_pass=0 oif=5(port3) num_pass=0 oif=6(port4) num_pass=0
source(1): 192.168.10.0-192.168.10.255
destination wildcard(1): 0.0.0.0/0.0.0.0
internet service(6): Alibaba-Alibaba.Cloud(6881402,0,0,0) Alibaba-DNS(6881283,0,0,0) Alibaba-ICMP(6881282,0,0,0) Alibaba-NTP(6881288,0,0,0) Alibaba-SSH(6881286,0,0,0) Alibaba-Web(6881281,0,0,0)
hit_count=25 last_used=2023-01-03 22:49:28
Check the traffic log on the SD-WAN device: traffic is still load-balanced across the three links.
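The selection behaviour verified in the tests above, as an added Python example for monitoring scripts (not FortiOS code and not part of the original article): it parses `diagnose sys sdwan health-check` output, derives which members carry traffic, and spreads sessions round-robin. The function names are hypothetical, the sample is constructed from the page's port2 test with the bandwidth fields dropped, and reading bit (id-1) of sla_map as "SLA target id met" is an assumption.

```python
import re
from itertools import cycle

# Constructed sample based on the page's port2-degraded test (bandwidth fields omitted).
SAMPLE = """\
Health Check(Aliyun):
Seq(1 port2): state(alive), packet-loss(0.000%) latency(187.104), jitter(0.777), sla_map=0x0
Seq(2 port3): state(alive), packet-loss(0.000%) latency(28.857), jitter(0.705), sla_map=0x1
Seq(3 port4): state(alive), packet-loss(0.000%) latency(28.824), jitter(0.750), sla_map=0x1
"""

LINE = re.compile(
    r"Seq\((?P<seq>\d+) (?P<intf>[^)]+)\): state\((?P<state>\w+)\), "
    r"packet-loss\((?P<loss>[\d.]+)%\) latency\((?P<lat>[\d.]+)\), "
    r"jitter\((?P<jit>[\d.]+)\).*?sla_map=(?P<sla>0x[0-9a-fA-F]+)"
)

def parse_health_check(text):
    """Return one dict per member line of the health-check output."""
    members = []
    for m in LINE.finditer(text):
        members.append({
            "seq": int(m["seq"]), "intf": m["intf"], "state": m["state"],
            "loss": float(m["loss"]), "latency": float(m["lat"]),
            "jitter": float(m["jit"]), "sla_map": int(m["sla"], 16),
        })
    return members

def forwarding_members(members, sla_id=1):
    """Interfaces that carry traffic: those meeting the SLA, or all if none do."""
    bit = 1 << (sla_id - 1)  # assumption: bit (id-1) of sla_map marks SLA id as met
    passing = [m["intf"] for m in members if m["sla_map"] & bit]
    # Fallback described on the page: with no member in SLA, all are still used.
    return passing or [m["intf"] for m in members]

def round_robin(sessions, intfs):
    """Assign sessions to interfaces in rotating order (per-session balancing)."""
    rr = cycle(intfs)
    return {s: next(rr) for s in sessions}

if __name__ == "__main__":
    active = forwarding_members(parse_health_check(SAMPLE))
    print(active)
    print(round_robin(["s1", "s2", "s3", "s4"], active))
```
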
