TCP Optimization: Cisco IOS XE SD-WAN Devices

Table 1. Feature History

Feature Name       Release Information                    Feature Description
TCP Optimization   Cisco IOS XE SD-WAN Release 16.12.1d   This feature optimizes TCP data traffic by decreasing any round-trip latency and improving throughput.

TCP optimization fine tunes the processing of TCP data traffic to decrease round-trip latency and improve throughput.

This article describes optimizing TCP traffic in service-side VPNs on Cisco IOS XE SD-WAN devices.

Optimizing TCP traffic is especially useful for improving TCP traffic performance on long-latency links, such as transcontinental links and the high-latency transport links used by VSAT satellite communications systems. TCP optimization can also improve the performance of SaaS applications.

With TCP optimization, a router acts as a TCP proxy between a client that is initiating a TCP flow and a server that is listening for a TCP flow, as illustrated in the following figure:

The figure shows two routers acting as proxies. Router A is the proxy for the client, and is called the client proxy. Router B is the proxy for the server, called the server proxy. Without TCP optimization, the client establishes a TCP connection directly to the server. When you enable TCP optimization on the two routers, Router A terminates the TCP connection from the client and establishes a TCP connection with Router B. Router B then establishes a TCP connection to the server. The two routers cache the TCP traffic in their buffers to ensure that the traffic from the client reaches the server without allowing the TCP connection to time out.

It is recommended that you configure TCP optimization on both routers: the router closer to the client and the router closer to the server. This configuration is sometimes called a dual-ended proxy. It is possible to configure TCP optimization only on the router closer to the client, a scenario called a single-ended proxy, but this configuration is not recommended because the TCP optimization process is compromised. TCP is a bidirectional protocol and operates only when connection-initiation messages (SYNs) are acknowledged by ACK messages in a timely fashion.

If both the client and the server are connected to the same router, no TCP optimization is performed.

To use TCP optimization, first enable the feature on the router. Then define which TCP traffic to optimize. Before you configure TCP optimization, you can start the configuration transaction with a command such as the following:

ntp server 198.51.241.229 source GigabitEthernet1 version 4

Topology and Roles

Branch

For a branch, the Cisco IOS XE SD-WAN device acts as both controller and service-node.

Data Center

For a data center, the controller and service-node roles are performed by separate Cisco IOS XE SD-WAN devices. This optimizes performance and enables handling more traffic.

The service-node is an external node that has control connections to vManage to receive configurations.


Note

The service-node Cisco IOS XE SD-WAN device must have an underlay connection to the controller on the global VRF to establish an AppNav tunnel.


Supported Platforms

The following platforms support the SSL/TLS Proxy feature.

  • Cisco 4331 Integrated Services Router (ISR 4331)

  • Cisco 4431 Integrated Services Router (ISR 4431)

  • Cisco 4321 Integrated Services Router (ISR 4321)

  • Cisco 4351 Integrated Services Router (ISR 4351)

  • Cisco 4451 Integrated Services Router (ISR 4451)

  • Cisco 4461 Integrated Services Router (ISR 4461)

  • Cisco CSR 1000v Cloud Services Router (CSRv)

Minimum Resource Requirements

  • The platforms must have a minimum of 8 GB of DRAM.

  • The platforms must have four or more data cores, with the exception of Cisco 4321 Integrated Services Router (ISR 4321), which is supported in spite of having fewer than four data cores.

Platform Roles

Platform   Role
           Data center: controller node   Data center: service node   Branch
ISR 4331   Yes

Limitations and Restrictions

  • DIA traffic sent to a third-party Bottleneck Bandwidth and Round-trip propagation time (BBR) cannot be optimized. To enable TCP optimization, you must have a Cisco IOS XE SD-WAN device on both the transport and server sides of the network.

  • The data center-service node topology supports only one service node for every control node.

Examples

Example: Configure Service Insertion by CLI – Branch Router

This example configures the branch Cisco IOS XE SD-WAN device to act as controller and service-node.

! Controller group: the AppNav controller address (the VPG address on this router)
service-insertion appnav-controller-group ACG-APPQOE
 appnav-controller 192.3.3.1
!
! Service-node group: the address of the service node reached over the VPG
service-insertion service-node-group SNG-APPQOE
 service-node 192.3.3.2
!
! Service context ties the two groups together and enables AppQoE in the global VRF
service-insertion service-context appqoe/1
 appnav-controller-group ACG-APPQOE
 service-node-group      SNG-APPQOE
 enable
 vrf global
!
! Virtual Port Group carrying the controller-to-service-node traffic
interface VirtualPortGroup2
 no shutdown
 ip address 192.3.3.1 255.255.255.0
 service-insertion appqoe
exit

Example: Configure Service Insertion Using vManage – Branch Router

For a branch, the Cisco IOS XE SD-WAN device acts as both controller and service-node.

This example configures the branch Cisco IOS XE SD-WAN device as controller and service-node.


Note

When enabling the AppQoE feature on a device through vManage, ensure that you remove any Virtual Port Groups (VPG) that already have service-insertion appqoe in their configuration and have an IP address that differs from the one you are pushing through vManage. Enabling AppQoE on a device that has an existing service-insertion appqoe configuration on a VPG could lead to a conflict in configurations. This conflict may result in the AppQoE status remaining indeterminate.


  1. In vManage, open Configuration.

  2. At the top of the page, select Feature.

  3. In Select Devices, select the branch device to configure.

  4. In Other Templates, select AppQoE.

  5. Select the Controller button.

  6. Create a feature template for the Cisco IOS XE SD-WAN device acting as controller and service-node. Enter:

    • Template Name

    • Controller IP: Corresponds to the appnav-controller value that would be configured by the service-insertion appnav-controller-group command when configuring by CLI.

    • Internal: Check this option.

    • Service Node IP: Corresponds to the service-node value that would be configured by the service-insertion service-node-group command when configuring by CLI.

  7. Click Save.

  8. Add the feature template that was created in a previous step to a device template page. In the AppQoE dropdown menu, select the name of the feature template.

  9. Click Create.

Example: Configure Service Insertion by CLI – Data Center Controller

This example configures the Cisco IOS XE SD-WAN device acting as the data center controller.

service-insertion appnav-controller-group ACG-APPQOE
 appnav-controller 10.1.17.15
!
service-insertion service-node-group SNG-APPQOE
 service-node 192.3.3.2
!
service-insertion service-context appqoe/1
 appnav-controller-group ACG-APPQOE
 service-node-group      SNG-APPQOE
 enable
 vrf global
!
ip route 192.3.3.0 255.255.255.0 10.1.17.14

Example: Configure Service Insertion Using vManage – Data Center Controller

  1. In vManage, open Configuration.

  2. At the top of the page, select Feature.

  3. In Select Devices, select the branch device to configure.

  4. In Other Templates, select AppQoE.

  5. Select the Controller button.

  6. Create a feature template for the Cisco IOS XE SD-WAN device acting as controller. Enter:

    • Template Name

    • Controller IP: Corresponds to the appnav-controller value that would be configured by the service-insertion appnav-controller-group command when configuring by CLI.

    • Internal: Leave this option unchecked.

    • Service Node IP: Corresponds to the service-node value that would be configured by the service-insertion service-node-group command when configuring by CLI.

  7. Click Save.

  8. Add the feature template that was created in a previous step to a device template page. In the AppQoE dropdown menu, select the name of the feature template.

  9. Click Create.

Example: Configure Service Insertion by CLI – Data Center Service-Node

This example configures the Cisco IOS XE SD-WAN device acting as the data center service-node.

service-insertion service-node-group SNG-APPQOE
 service-node 192.3.3.2
!

interface VirtualPortGroup2
 no shutdown
 ip address 192.3.3.1 255.255.255.0
 no mop enabled
 no mop sysid
 service-insertion appqoe
exit

Example: Configure Service Insertion Using vManage – Data Center Service-Node


Note

When enabling the AppQoE feature on a device through vManage, ensure that you remove any Virtual Port Groups (VPG) that already have service-insertion appqoe in their configuration and have an IP address that differs from the one you are pushing through vManage. Enabling AppQoE on a device that has an existing service-insertion appqoe configuration on a VPG could lead to a conflict in configurations. This conflict may result in the AppQoE status remaining indeterminate.
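A pre-push check for the conflict this Note describes (and the identical Note in the branch vManage procedure above), added here as an example; it is not a Cisco tool or vManage behaviour. It parses an IOS XE configuration excerpt and lists every Virtual Port Group that already carries service-insertion appqoe with an IP address different from the one the AppQoE template is about to push. The sample configuration is constructed from this page's branch CLI example plus a leftover VPG at another address to trigger the check; a second function verifies that each service-context references groups that are actually defined and is enabled.

```python
"""Detect Virtual Port Groups whose existing service-insertion appqoe
configuration would conflict with the address a vManage AppQoE template pushes.
Example code, not a Cisco tool."""
import re
from typing import Dict, List, Optional

# Constructed sample: the branch example on this page plus a stale VPG3.
SAMPLE_CONFIG = """\
service-insertion appnav-controller-group ACG-APPQOE
 appnav-controller 192.3.3.1
!
service-insertion service-node-group SNG-APPQOE
 service-node 192.3.3.2
!
service-insertion service-context appqoe/1
 appnav-controller-group ACG-APPQOE
 service-node-group      SNG-APPQOE
 enable
 vrf global
!
interface VirtualPortGroup2
 no shutdown
 ip address 192.3.3.1 255.255.255.0
 service-insertion appqoe
!
interface VirtualPortGroup3
 no shutdown
 ip address 10.9.9.1 255.255.255.0
 service-insertion appqoe
!
"""


def parse_blocks(config: str) -> Dict[str, List[str]]:
    """Group an IOS-style config into {top-level command: [child lines]}.
    Child lines are indented by at least one space; '!' or 'exit' ends a block."""
    blocks: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() in ("!", "exit"):
            current = None
            continue
        if raw[0] != " ":
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks


def appqoe_vpgs(blocks: Dict[str, List[str]]) -> Dict[str, Optional[str]]:
    """Return {VPG name: IPv4 address} for every VirtualPortGroup that has
    service-insertion appqoe configured (address is None if it has no ip address)."""
    found: Dict[str, Optional[str]] = {}
    for cmd, children in blocks.items():
        if not cmd.startswith("interface VirtualPortGroup"):
            continue
        if "service-insertion appqoe" not in children:
            continue
        ip = None
        for line in children:
            m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", line)
            if m:
                ip = m.group(1)
        found[cmd.split(" ", 1)[1]] = ip
    return found


def vpg_conflicts(config: str, pushed_vpg_ip: str) -> List[str]:
    """VPGs that already run service-insertion appqoe with a different address
    than the template will push: remove these before enabling AppQoE via vManage."""
    return sorted(name for name, ip in appqoe_vpgs(parse_blocks(config)).items()
                  if ip != pushed_vpg_ip)


def context_references(config: str) -> List[str]:
    """Report service-contexts that point at undefined groups or are not enabled."""
    blocks = parse_blocks(config)
    problems: List[str] = []
    for cmd, children in blocks.items():
        if not cmd.startswith("service-insertion service-context"):
            continue
        for line in children:
            kind, _, name = line.partition(" ")
            name = name.strip()
            if kind in ("appnav-controller-group", "service-node-group"):
                if f"service-insertion {kind} {name}" not in blocks:
                    problems.append(f"{cmd}: {kind} {name} is not defined")
        if "enable" not in children:
            problems.append(f"{cmd}: not enabled")
    return problems


if __name__ == "__main__":
    print("conflicting VPGs:", vpg_conflicts(SAMPLE_CONFIG, "192.3.3.1"))
    print("context problems:", context_references(SAMPLE_CONFIG))
```

Run it against the output of show running-config before pushing the template; any VPG it lists is one the Note tells you to remove first, which avoids the indeterminate AppQoE status the Note warns about.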


  1. In vManage, open Configuration.

  2. At the top of the page, select Feature.

  3. In Select Devices, select the branch device to configure.

  4. In Other Templates, select AppQoE.

  5. Select the Service Node button.

  6. Create a feature template for the Cisco IOS XE SD-WAN device acting as service-node. Enter:

    • Template Name

    • Service Node IP: Corresponds to the service-node value that would be configured by the service-insertion service-node-group command when configuring by CLI.

    • Virtual Port Group IP: Corresponds to the ip address value that would be configured under the interface VirtualPortGroup2 command when configuring by CLI.

  7. Click Save.

  8. Add the feature template that was created in a previous step to a device template page. In the AppQoE dropdown menu, select the name of the feature template.

  9. Click Create.