SD-WAN Application Map Flags and its functionality
search cancel

SD-WAN Application Map Flags and its functionality

book

Article ID: 330739

calendar_today

Updated On: 05-07-2025

Products

VMware SD-WAN by VeloCloud

Issue/Introduction

This article talks about Application Map flags and its functionality so that you can know when it would be used





Environment

SD-WAN by VeloCloud Edge

SD-WAN by VeloCloud Orchestrator

Cause

Each flag may cause various impact based on each use case

Resolution

Below are the flags which can be used within the APP MAP, and its functionality in order for more awareness when can be used :


1) doNotSlowLearn Flag

 

  • Exclude applications with many destination from caching the DPI result.

  • Default Applictions: HTTP, HTTPS, Bitrorrent, VeloCloud Management and Control, or any proxy traffic.

 

2) mustUseGateway Flag

 

  • The  app map setting mustUseGatewaymeans "must use gateway if matching internet multipath business policy". If the business policy sends the traffic direct that will overrule the mustUseGateway flag.
  • The VCE will still send traffic direct when it cannot reach VCG.
  • If this flag is not used -> when the VCG comes back up, flows that were moved direct will stay direct so as not to break the applications unnecessarily. This can cause a problem for VoIP because the signaling flows live longer and will still be going direct while newly created media flows go via the gateway.
  • To solve the above mentioned point we can use the flag, mustUseGateway=1, which will cause the VCE to switch direct traffic back to the VCG path once the tunnel to the VCG comes back up.

 

3) mustNotUseGateway Flag

 

  • This flag can be used In default app maps as this flag is set for Netflix and BitTorrent for example, and causes them to always be sent direct regardless of the state of the gateway and regardless of whether the business policy tries to send the traffic via multipath.
  • This is ideal for any traffic you want to never use the gateway. (Notice that this is not simply the opposite of the mustUseGateway flag.)
  • Note: A secure route coming from the gateway will override a mustNotUseGateway flag.

 

4) dropIfPartnerGatewayDown Flag

 

  • Some applications can only be access through the partner gateway.

  • When the VCE loses all the tunnels to the VCGs, no reason to switch traffic direct, so you can use this flag to stick to gateway  paths only

  • Note: this is Independent from mustUseGateway.

5) alwaysOnReplication Flag

  • Used for enabling replication all the time.

  • For voice applications.

 

How to set up Application Map Flags:
 

  • If it is on cloud setup, please contact support and refer to this KB for more applying the needed flag on the desired APP MAP
  • If it is on prem, you can access the VCO using superuser operator account and download the APP MAP, then please contact support and refer to this KB for more applying the needed flag on the desired APP MAP

Additional Information

DPI Engine

Application MAP use open source QOSMOS Deep Pocket Inspection(DPI). Here is the article talking about this DPI Engine: https://www.qosmos.com/wp-content/uploads/qosmos_deep_packet_inspection_characterization.pdf


Powered by Wolken Software