Huawei Cloud VPN NQA

What Is NQA?

Network Quality Analysis (NQA) is a technology to measure network performance and collect statistics on network indicators such as delay, jitter, and packet loss rate. It helps administrators learn network service quality in real time and effectively diagnose and locate network faults.

NQA Fundamentals

Figure 1 NQA test

In an NQA test, the source is called an NQA client, and the destination is called an NQA server. To enable an NQA client to initiate an NQA test, you need to create a test instance of a specific type on the NQA client. The NQA client then constructs packets that comply with the corresponding protocol, adds timestamps to the packets, and sends the packets to the server.

An NQA server listens to the NQA test packets with the specified IP address and port number and responds to the test accordingly. The client then calculates performance indicators, such as the connectivity, delay, and packet loss rate, based on statistics about the sent and received packets.

Processing Mechanism of NQA Tests

In an ICMP test, ICMP packets are sent to check reachability of the destination and calculate the network response time and packet loss rate.

A source constructs an ICMP Echo Request packet and sends it to a destination. When receiving the packet, the destination returns an ICMP Echo Reply packet to the source.

Upon receipt of the ICMP Echo Reply packet, the source calculates the time between when it sends the ICMP Echo Request packet and when it receives the ICMP Echo Reply packet. The test result reflects network performance and connectivity.

The NQA detection interval is 10s, and three ICMP requests are sent within 10s.

Why Do We Need NQA?

As value-added services develop, users and carriers demand higher quality of service (QoS). Especially after voice and video services are provisioned on conventional IP networks, carriers and users reach service level agreements (SLAs) to implement QoS guaranteed services.

To provide committed bandwidth for users, carriers need to collect statistics about network indicators such as the delay, jitter, and packet loss rate, and analyze the statistics to obtain network performance. Conventional network performance analysis methods (such as ping and tracert) cannot meet carriers' requirements for real-time monitoring on diverse services. Against this backdrop, NQA can be deployed to accurately test the network running status and export statistics. NQA can measure the performance of various protocols running on the network. This facilitates real-time collection of different network performance indicators, such as the total HTTP connection delay, TCP connection delay, DNS resolution delay, file transfer rate, FTP connection delay, and DNS resolution error rate. Network carriers control these indicators to provide users with network services of various grades. In addition, NQA is an effective tool to diagnose and locate faults on the network.

NQA for Static Routes

• Static routes do not have a dedicated detection mechanism. If an indirect link fails, a network administrator must manually delete the corresponding static route from the IP routing table. This process delays link switchover and causes service interruption for a significant amount of time.
• When creating VPN connections in static routing mode, you can enable NQA to detect faults in links for static routes. This prevents the preceding problems and ensures stability of VPN connections. When using NQA, ensure that the customer gateway device supports ICMP and is correctly configured with the customer tunnel interface IP addresses of the VPN connections. Otherwise, traffic will fail to be forwarded.
• If NQA detection fails for a VPN connection in static routing mode, the corresponding route is withdrawn. The customer gateway needs to permit ICMP traffic from the local tunnel interface address to the remote tunnel interface address of the VPN connection.
• The NQA detection results of VPN connections in health check are reported only to Cloud Eye. There is no impact if the detection fails. The customer gateway needs to permit ICMP traffic from the public IP addresses of the VPN gateway to the public IP address of the customer gateway.