Cisco SD-WAN Policy - Centralized Policy - IP With Ease
Rashmi Bhardwaj | Blog, Programming & Software, Routing & Switching
In the traditional method, configurations are typically applied on a device-by-device basis using the CLI. Cisco SD-WAN has been designed to overcome this by implementing a centralized management plane that pushes configuration to all devices without the risk of manual error.
Control policies are used to manipulate the structure of the Cisco SD-WAN fabric by altering the
control plane information exchanged by the Overlay Management Protocol (OMP).
Data policies are used to manipulate the data plane directly by altering the forwarding of traffic
through the Cisco SD-WAN fabric. The following flow chart visualizes the Cisco SD-WAN policy’s
structure.
Control Policies: Control policies are used for applications such as preferring one site over
another for a specific destination (or default routing) and limiting which sites can build tunnels
directly across the fabric.
VPN Membership Policies: VPN membership policies are used to limit the distribution of
routing information about particular VPNs to specific sites. One common use case for VPN
membership policies is for guest segments where Internet access is permitted but site-to-site
communication is denied.
Centralized Data Policies: Centralized data policies are a flexible and powerful form of policy-
based routing and are commonly used to accomplish Direct Internet Access (DIA) for specific
applications, network service insertion, and data plane manipulations such as packet
duplication and Forward Error Correction (FEC).
Application-Aware Routing Policies: Application-Aware Routing policies are used to ensure
that a particular class of traffic is always transported across a WAN link that meets a minimum
service level agreement (SLA).
Cflowd Policies: Cflowd policies are a special type of centralized data policy that specifies the
destination where flow records should be exported so that flow information is available on
external systems for analysis.
All vEdge devices send their routing updates, TLOCs, and service routes to the vSmart controller, without any modification to the routing table, over the DTLS tunnel established with vSmart.
vSmart accepts all routing information received from the vEdges. From this information, including which VPN each route belongs to, the vSmart controller builds a topology map of the entire network.
Whenever a change occurs, the vEdge sends the updated routing information to the vSmart controller, and the vSmart controller updates its routing table accordingly.
When a centralized control policy is applied in the inbound direction (toward the vSmart controller, for routes coming from a vEdge), all routes are filtered first and then installed in the vSmart routing table.
When a centralized control policy is applied in the outbound direction (from the vSmart controller toward a vEdge), all routes must be filtered first and then advertised to the vEdge.
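A minimal centralized control policy, added here as an illustration and not taken from the article, showing the outbound direction described above: it stops the guest VPN's routes from being advertised by vSmart to the branch sites, which is the guest-segment use case mentioned earlier. The syntax follows the vSmart policy CLI; the site-ID range (100-199), the VPN number (10) and the list and policy names are constructed for this example.

```text
policy
 lists
  site-list BRANCHES
   site-id 100-199
  !
  vpn-list GUEST-VPN
   vpn 10
  !
 !
 control-policy BLOCK-GUEST-ROUTES
  sequence 10
   match route
    vpn-list GUEST-VPN
   !
   action reject
   !
  !
  default-action accept
 !
!
apply-policy
 site-list BRANCHES
  control-policy BLOCK-GUEST-ROUTES out
 !
!
```

Because the policy is applied with `out`, vSmart still installs the guest routes in its own routing table and only filters them as it advertises to sites in BRANCHES; applying it with `in` instead would filter the routes as they arrive from those sites, before vSmart installs them.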