How to configure SDWAN: Traffic Distribution using weighted session distribution

3700

Created On 06/01/22 02:06 AM - Last Modified 04/14/25 20:42 PM

SD-WAN

10.1

PAN-OS

Objective

To provide configuration of SDWAN for traffic engineering.
The information is provided with an example
In the example, the Ethernet link type, represented in green tunnels (tunnel.928 and tunnel.929), has far more bandwidth capacity than the slow Microware radio link, which is the yellow tunnel.
In the above assumption, traffic flowing thru tunnel.928 and tunnel.929 will carry 90% of the total load from Branch_2's 10.3.0.0/16 to Hub's 10.1.0.0/16 network.
Tunnel.930 represented in a yellow IPSEC tunnel, will carry the 10%.

Environment

Palo Alto Firewalls supporting SDWAN.
PAN-OS 10.1.3
SDWAN plugin 2.1.2

Procedure

Configure Traffic Distribution Profile based on the above objective.

Device Group: Branch2
GUI: Objects > SD-WAN Link Management > Traffic Distribution Profile > Add

Name: TDP-Weighted
Traffic Distribution: Weighted Session Distribution
Link Tags: add SDWAN-Broadband-fast with 90 as it's Weight
Link Tags: add SDWAN-Microwave with 10 as it's Weight

Configure the SD-WAN Policies, which will determine how incoming traffic will be handled by the firewall.

Device Group: Branch2
GUI: Policies > SD-WAN > Pre Rules > Add

General > Name: Trust to Hub
Source> Source Zone: Trust Source Address: 10.3.0.0/16
Destination> Destination Zone: zone-to-hub > Destination Address: 10.1.0.0/16
Path Quality Profile: management
Application/Service > Applications: Any > Service: Any
Path Selection > Traffic Distribution Profile: TDP-Weighted

Result:

In achieving the above result, at least 14 simultaneous pings were sent from Branch2 to the hub.

Additional Information

How to configure SDWAN: basic connection

How to configure SDWAN: Traffic Distribution using Top Down Priority