An Edge classifies a traffic flow based on the first packets in the flow. You can create business policies with application based on Differentiated Service Code Point (DSCP) and with different DSCP markings to determine the flow treatment.

By default, an Edge classifies a flow based on the first few packets received in the flow. Business Policy and QoS marking determine the flow treatment. Once the flow is classified, an entry with five tuple information of the flow is created in the flow cache table. Subsequent packets in the flow will use the five-tuple lookup against the flow cache table.

For network topologies with Layer 3 network devices doing encapsulation and/or encryption before the traffic arrives at the Edge, this creates a challenge for the Edge to forward traffic based on the Business Policy. The traffic from the end users is multiplexed into single flow with the same source and destination IP addresses, and protocols by the Layer 3 encapsulation/encryption device, as illustrated in the following image.

The impact of multiplexing end user flows into a single tunnel creates polarization of flow forwarding using the five tuples of flow cache table, which results in WAN links not being utilized.

The Path Calculation with Multiple DSCP Labels per Flow allows the DSCP value to be included, in addition to the five tuples, as part of the flow cache table lookup. Use the path calculation with multiple DSCP tags when the original user traffic is encapsulated in another tunnel like GRE or IPsec, and DSCP labels are preserved in the new IP header. This option enables path calculation for a single flow with multiple DSCP labels, which consists of same source and destination IP addresses, and offers path differentiations based on the DSCP labels in the flow.

When you enable the Multiple-DSCP tags per Flow Path Calculation, the Edges can differentiate the traffic flows based on the DSCP marked labels.

To enable Multiple-DSCP tags per Flow Path Calculation:

  1. In the Operator portal, click Orchestrator > System Properties.
  2. Click New.
  3. In the New System Property window, create a system property with the following parameters:
    • Name: session.options.enableFlowParametersConfig
    • Data Type: Boolean
    • Value: True
  4. Click Save Changes.
  5. In the Operator portal, navigate to Global Settings > Customer Configuration > .
  6. In the Customer Configuration page, go to the additional configuration settings section, and then under SD-WAN settings, select the Include DSCP value as part of flow lookup check box for Multiple-DSCP tags per Flow Path Calculation.
    Note: This option is available only when the system property session.options.enableFlowParametersConfig is set to True.
  7. Click Save Changes.
  8. In the Edges, different flows are created based on different DSCP labels.
Note: When you select Include DSCP value as part of flow lookup, the inter-operability with previous versions is undefined.

While configuring the business policy for an Edge, you can choose to match a DSCP label for an application. For more information, see the topic Configure Business Policy Rule in the VeloCloud SD-WAN Administration Guide.

When traffic arrives at the Edge, if the traffic flow matches with the selected application and DSCP tag, then the corresponding action is performed.

You can create more business policies with different DSCP labels to match with different traffic flows and apply different treatments for those flows. For more information on business policies, see the VMware SD-WAN Administration Guide.

Limitations:

  • The path calculation with multiple DSCP labels per Flow is not applicable for the SD-WAN Gateways. You can enable this option only for Edge-to-Edge tunnels, where Edge-to-Edge can be any of the following:
    • Edge-to-Edge through Hub
    • Spoke-to-Hub
    • Dynamic Branch-to-Branch
    You can use this option for On-Premise deployment where Gateway is used only for control plane functionality and not for data plane traffic.
  • The path calculation with multiple DSCP labels per Flow is intended only for GRE or IPSec traffic. The direct Internet traffic does not carry multiple DSCP labels within a single flow.
  • After you enable the path calculation option, when the traffic flow consists of packets with same five-tuple information but different DSCP markings, LAN side NAT might not work as expected.