There are 2 types of policies in Cisco SD-WAN.
1. Centralized
2. Localized
Centralized Policies are applied at the WAN side (Northbound) and Localized Policies are applied at the LAN side (Southbound) of the WAN Edges.
Centralized Policies
These policies are pushed to vSmart from vManage and vSmart will push them to WAN edges.
In order to configure this type of policy, the vSmart should be configured via the vManage templates. This means that if it was configured only via the CLI when it was onboarded, you will have to reconfigure it using templates.
You will not see these policies in the running config of WAN edges but there are commands to view the pushed policies.
There are 2 types of Centralized Policies too.
1. Topology Policies (Control Policies)
2. Traffic Policies (Data Policies)
Topology Policies
These control the OMP protocol, that is, the routing updates that affect the routing tables. So if you want to do route filtering, change the next hop of routes, etc., you have to use Topology Policies under Centralized Policies.
Traffic Policies
These are the policies which affect the data plane only.
They can be used to alter the data plane based on L3/L4 characteristics such as source IP / destination IP without affecting the Control Plane. Traffic Data Policies are used to configure local internet breakouts (Direct Internet Access / DIA).
When this is configured based on applications, it is called AAR (Application Aware Routing). In AAR, the WAN edge identifies the application and overrides the routing table for that specific traffic according to the configured Policy. Note that it does not change the routing table but changes the way data is forwarded. It can also be configured for SLAs based on link quality etc.
Configuring Centralized Policies?
You can configure them via Cisco vManage > Configuration > Policies > Centralized Policies
You can configure many Centralized Policies in vManage, but there can be only one active Centralized Policy at a time. When you deploy one policy, the other policies are deactivated.
There are 4 steps to configure a Centralized Policy.
1. Create Groups of Interest (Objects needed to configure a policy)
2. Configure Topology and VPN Membership (Topology Policy / Control Policy component)
3. Configure Traffic Rules (Traffic Policy / Data Policy component)
4. Apply Policies to Sites and VPNs
You can skip a step if there is nothing to configure under it. For example, an AAR policy may not need a Topology Policy, so step 2 is skipped.
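The four steps above, shown as the CLI form of a centralized policy on vSmart. This is an added example, not taken from the original post; every list name, policy name, site ID, VPN number and prefix is constructed. It filters a lab prefix out of the routes advertised to branch sites (topology policy) and gives one branch subnet a local internet breakout (traffic policy).

```text
! Constructed example: all names, site IDs, VPNs and prefixes are assumptions.
policy
 lists
  ! Step 1: Groups of Interest
  site-list BRANCH-SITES
   site-id 100-199
  !
  vpn-list CORP-VPN
   vpn 10
  !
  prefix-list LAB-ROUTES
   ip-prefix 10.99.0.0/16 le 32
  !
 !
 ! Step 2: Topology (control) policy, route filtering on OMP updates
 control-policy FILTER-LAB-ROUTES
  sequence 10
   match route
    prefix-list LAB-ROUTES
   !
   action reject
  !
  default-action accept
 !
 ! Step 3: Traffic (data) policy, DIA for one branch subnet
 data-policy BRANCH-DIA
  vpn-list CORP-VPN
   ! Keep internal destinations on the overlay
   sequence 5
    match
     destination-ip 10.0.0.0/8
    !
    action accept
   !
   ! Everything else from the branch subnet breaks out locally via VPN 0
   sequence 10
    match
     source-ip 10.10.0.0/16
    !
    action accept
     nat use-vpn 0
   !
   default-action accept
  !
 !
! Step 4: Apply Policies to Sites and VPNs
apply-policy
 site-list BRANCH-SITES
  control-policy FILTER-LAB-ROUTES out
  data-policy BRANCH-DIA from-service
```

The control policy is applied in the out direction, so it acts on the OMP routes vSmart advertises to the listed sites; the data policy is applied from-service, so it acts on traffic arriving from the LAN side of those WAN edges.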
Localized Policies
These policies are also configured in vManage but are sent directly to the WAN edges, and they can be found in the running config on vEdges / the sdwan running config on cEdges.
They are used to configure QoS on the local WAN edge, ACLs or Route Policies for a local WAN edge, etc.
Configuring Localized Policies?
There are 5 steps to configure a localized policy.
1. Create Groups of Interest (Objects needed to configure a policy)
2. Configure Forwarding Classes/QoS
3. Configure Access Control Lists
4. Configure Route Policy
5. Policy Overview
======================================================================
About Groups of Interests / Lists
The components which are needed while configuring a policy are called Groups of Interests / Lists.
They can be configured before configuring policy as well as on the go.