Application-Aware Routing (AAR)
Application-Aware Routing is used by SD-WAN to prioritise traffic based on the application type and route traffic over specific network links.
For many businesses, allocating network resources and prioritising specific applications is still a static setup. Utilising traditional Wide Area Network (WAN) solutions, the prioritisation of applications is defined by network administrators and then applied across all network edges, which may have different connectivity options available.
With the increased popularity of remote workforces and cloud service utilisation, businesses have increasingly moved towards Software-Defined Wide Area Network (SD-WAN) solutions, which introduce Application-Aware Routing (AAR).
In this article we’ll explain how AAR addresses the issues found in traditional WAN solutions and how it can be beneficial to your business.
The Problems Application-Aware Routing Solves
Traditional WAN networks typically utilise static path routing techniques, which limit networks to sending traffic over pre-defined paths. Regardless of the current traffic load on a given link, traditional WAN will continue to send traffic, which can be detrimental in the event links becoming overwhelmed. When this occurs, businesses can often experience degraded performance and even downtime.
This issue is only emphasised within WAN setups that cannot handle multiple transport links. These networks are limited by the capabilities of the single network link, which even with dedicated MPLS circuits may not provide the capabilities that business networks require. This can lead to slower, more expensive network routing, which is a waste of businesses resources.
These issues have therefore led to SD-WAN introducing features such as dynamic path selection and Application Aware Routing, as it enables businesses to get more out of their network underlay, maximising network efficiency and minimising issues with downtime and latency.
Core Functionality of AAR in SD-WAN
Application Aware Routing, within SD-WAN, offers businesses with the ability to prioritise critical applications based on real-time conditions and SLAs.
Bidirectional Forwarding Detection
AAR can evaluate telemetry from network connections using Bidirectional Forwarding Detection (BFD), allowing for the SD-WAN solution to determine the best possible route at any given time. BFD pre-empts where issues may occur within the network and will suggest an alternate route when performance begins to degrade.
Quality of Service
Alongside Quality of Service (QoS) mechanisms, AAR can detect which applications are of higher importance to your business operations. These applications are then prioritised, allowing for critical applications to receive the bandwidth they need to perform.
Whilst telemetry does enable informed routing decisions, so can Service Level Agreements (SLAs). Businesses can set these SLAs for different traffic types, setting a maximum delay or amount of packet loss which SD-WAN has to abide by. AAR will automatically re-route the traffic in the event these SLAs are not being met. For businesses using leased lines and MPLS links that guarantee specific speeds, SD-WAN can also take these SLAs into consideration, with routing over these connections providing greater reliability due to these guarantees.
Dynamic Path Selection Mechanism in SD-WAN
Dynamic path selection enables both human-based and SD-WAN’s automated customisation of routing rules. Dynamic path selection forms a significant portion of AAR and allows for specification of low latency and greater control over critical applications. These ensure that applications, such as VoIP calls, are affected by minimal routing issues for improved networked operations.
Traditional solutions could emulate these path selection qualities through analysis of the port being used to transmit data. This rather outdated technique was solely reliant on traffic being routed across a commonly used port for applications, therefore making this solution less appropriate for businesses with proprietary systems or applications that use non-standardised ports. AAR, however, uses Deep Packet Inspection (DPI). DPI allows AAR to decrypt packets, with inspection helping to identify which application the packet is for. This method is far more flexible and efficient than port scanning, ensuring greater accuracy and connectivity of critical application traffic.
The Role of Performance Metrics in AAR Decisions
The telemetry utilised by the Application Aware Routing feature in SD-WAN indicates the quality of each path based on the following metrics: latency, jitter and packet loss.
Network Latency
Network Latency refers to the round-trip time delay for data transmission between a source and destination within a network. This means that latency is measured from the point of initiation (e.g. a download link is clicked) to the point in which the response is received (file is downloaded).
Analysis of these metrics contribute to a feedback loop, with telemetry from selected paths helping AAR to determine how optimised routes are for applications.
AAR Configuration and Customisation
There are many forms of configuration and customisation for Application Aware Routing within SD-WAN. Network administrators can define SLA requirements for applications, ensuring that performance does not drop below a certain threshold and switching to a different connection in the event that it does. This means that critical applications such as video conferencing can be prioritised for low latency connectivity, whilst applications like file downloads can allow for delays due to being of lower importance.
Benefits of Application-Aware Routing in SD-WAN
Fine tuning performance with AAR is beneficial as it optimised application performance for your business network. This ensures greater performance by utilising multiple paths and switching across the best performing link. For typically critical business applications, like video conferencing and cloud services, this means that businesses can experience fewer dropped calls, clearer video and faster application response times.
AAR within SD-WAN also provides businesses with improved link utilisation, which better distributes bandwidth to the right applications, meaning there is a more effective bandwidth split and gets the most out of each network connection. Businesses can benefit from this, as it enables greater utilisation of links such as broadband and 5G, meaning that there can be less reliance on more expensive connections (typically MPLS), offering a cost benefit to businesses
Businesses can also benefit from granular control over application performance. By being able to easily set the priority for specific applications and through SLAs, businesses can ensure that these applications are prioritised. Due to AAR leveraging DPI to understand the nature of each packet and its intended application, AAR is especially beneficial in comparison to traditional methods as it can require no manual adjustments, reducing network administrator workloads.
How AAR Classifies Applications
Application-Aware Routing (AAR) does not apply uniform routing logic to all traffic, but instead classifies applications into distinct priority tiers. Each tier is configured with a different link preference, performance threshold, and bandwidth allocation to ensure optimal delivery. The table below shows how common business applications map to these tiers.
Priority Level: The importance rank AAR assigns to this traffic class. Critical outranks High, which outranks Medium.
Routing Policy: The link selection behaviour AAR applies. 'Best-performing link' means the path with the lowest combined latency, jitter and packet loss at that moment. 'Direct internet breakout' means traffic exits locally at the branch rather than being backhauled to a data centre.
Typical Bandwidth Requirement: Approximate per-user figures for sizing WAN capacity. These are planning benchmarks, not hard limits.
Which SD-WAN Vendors Have the Best Application-Aware Routing?
Most enterprise SD-WAN platforms include Application-Aware Routing (AAR) or an equivalent capability, but the underlying implementation varies between vendors. The key differences lie in the Deep Packet Inspection (DPI) engine used, the granularity of Service Level Agreement (SLA) controls, and how tightly routing is integrated with security functions. The three vendors covered below represent approaches commonly encountered in UK enterprise SD-WAN procurement.
Cisco Catalyst
Cisco Catalyst SD-WAN uses Application-Aware Routing to identify and steer traffic based on real-time path performance. The platform utilises the Cisco Next-Generation Network-Based Application Recognition (NBAR2) engine to identify thousands of applications through deep packet inspection. Network administrators configure SLA policies by defining specific thresholds for latency, jitter, and packet loss within the Cisco SD-WAN Manager. When a path fails to meet these criteria, the system dynamically shifts traffic to a secondary path that satisfies the requirements. One notable capability is the integration with ThousandEyes, which provides hop-by-hop visibility into the underlay for more granular performance analysis.
Fortinet Secure SD-WAN
Fortinet Secure SD-WAN provides application steering through its FortiOS operating system and dedicated SD-WAN ASIC hardware. The solution leverages a proprietary Deep Packet Inspection (DPI) engine to recognise over 5,000 applications, including encrypted cloud traffic. Configuration is managed through SD-WAN rules where administrators define link health-check targets and SLA thresholds for each application. Because the SD-WAN functionality is built into the Fortigate Next-Generation Firewall, routing decisions can be made based on security posture as well as network performance. One verifiable capability is the use of Application Control signatures that are updated in real-time via FortiGuard services to ensure accurate identification of new SaaS applications.
Vendor selection should be driven by existing infrastructure and the organisation's specific application mix, not by Application-Aware Routing capability alone. Network administrators should evaluate how each platform integrates with their current security and cloud strategy.
Conclusion
Application Aware Routing acts as an intelligent controller within SD-WAN solutions, continuously monitoring network telemetry and dynamically adjusting paths as part of a feedback loop to improve network performance. This means that critical applications are prioritised to receive the resources they need to perform.
Harry holds a BSc (Hons) in Computer Science from the University of East Anglia and is ISC2 Certified in Cybersecurity (CC). He serves as a Cybersecurity Writer here at Netify, where he specialises in enterprise networking technologies. With expertise in Software-Defined Wide Area Networks (SD-WAN) and Secure Access Service Edge (SASE) architectures, Harry provides in-depth analysis of leading vendors and network solutions.
Fact-checked by: Robert Sturt - Managing Director, Netify
Frequently Asked Questions
What is application-aware routing?
Application-aware routing is an SD-WAN capability that identifies applications using deep packet inspection (DPI) and routes each application's traffic across the most appropriate WAN link based on that application's performance requirements.
How does application-aware routing differ from traditional routing?
Application-aware routing (AAR) differs from traditional routing by moving beyond static tables and destination IP addresses to include application identification and dynamic path steering. While traditional routers are often unaware of what is inside a packet, AAR uses Deep Packet Inspection (DPI) to identify the specific application generating the traffic. This allows the network to distinguish between different types of data and treat them according to their individual needs.
AAR also incorporates real-time path monitoring using Bidirectional Forwarding Detection (BFD) telemetry. This allows the system to constantly measure performance metrics such as latency, jitter, and packet loss across every available path. Traditional routing typically relies on whether a link is up or down, whereas AAR understands the quality of the connection at any given moment.
When a path degrades below a defined Service Level Agreement (SLA) threshold, AAR automatically re-steers traffic to a better-performing link. This ensures that critical services remain stable even during periods of high congestion or brownouts. For example, a VoIP call can be kept on a low-latency MPLS link while lower-priority file backups are moved to a standard broadband connection.
Which SD-WAN vendors have the best application-aware routing?
Several enterprise SD-WAN platforms offer strong Application-Aware Routing (AAR) implementations, and the right choice depends on existing infrastructure and application requirements. Cisco Catalyst SD-WAN uses Application-Aware Routing powered by the NBAR2 engine, which is suited to organisations that require deep integration with existing Cisco environments and ThousandEyes visibility. VMware VeloCloud is known for its Dynamic Multi-Path Optimization (DMPO), which is commonly used in environments requiring per-packet steering and sub-second remediation of link brownouts. Fortinet Secure SD-WAN is suited to organisations that prioritise an integrated security approach, as its AAR features are built directly into the Fortigate Next-Generation Firewall.