Configuring Centralized Data Policy

Posted on Jan 27, 2020 (0)

Centralized data policy is configured on vSmart controllers and can be used for the purposes listed below:

  • Centralized Data Policy based on Prefixes and IP Headers
  • Centralized Data Policy based on application information in packet payload
  • Data policy for the VPNs from which routes are received

Configure Centralized Data Policy based on Prefixes & IP Headers.

This policy contains a sequence of match-action pairs. When a packet matches a sequence, the associated action is taken and policy evaluation stops. If a packet matches none of the parameters, it is dropped by default.

By default, matching is done on a 6-tuple: source IP address, destination IP address, source port, destination port, protocol, and DSCP.

Create a list of the network sites to which this centralized policy is to be applied:

vSmart(config)# policy
vSmart(config-policy)# lists site-list list-name
vSmart(config-lists-list-name)# site-id site-id

Create lists of IP prefixes and VPNs:

vSmart(config)# policy lists
vSmart(config-lists)# data-prefix-list list-name
vSmart(config-lists-list-name)# ip-prefix prefix/length
vSmart(config)# policy lists
vSmart(config-lists)# vpn-list list-name
vSmart(config-lists-list-name)# vpn vpn-id

Create lists of TLOCs:

vSmart(config)# policy
vSmart(config-policy)# lists tloc-list list-name
vSmart(config-lists-list-name)# tloc ip-address color color encap encapsulation [preference number]

Define policing parameters, as needed:

vSmart(config-policy)# policer policer-name
vSmart(config-policer)# rate bandwidth
vSmart(config-policer)# burst bytes
vSmart(config-policer)# exceed action

Create a data policy and associate it with a list of VPNs:

vSmart(config)# policy data-policy policy-name
vSmart(config-data-policy-policy-name)# vpn-list list-name

Create a series of match-action pair sequences:

vSmart(config-vpn-list)# sequence number
vSmart(config-sequence-number)#

Define match parameters for packets:

vSmart(config-sequence-number)# match parameters

Define actions to take when a match occurs:

vSmart(config-sequence-number)# action (accept | drop) [count counter-name] [log] [tcpoptimization]
vSmart(config-sequence-number)# action accept nat [pool number] [use-vpn 0]
vSmart(config-sequence-number)# action accept redirect-dns (host | ip-address)
vSmart(config-sequence-number)# action accept set parameters

If a route does not match any of the conditions, it is rejected by default. To accept nonmatching prefixes, configure the default action for the policy:

vSmart(config-policy-name)# default-action accept

Apply the policy to one or more sites in the overlay network:

vSmart(config)# apply-policy site-list list-name data-policy policy-name (all | from-service | from-tunnel)
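
The following is an added example, not code from this page or from Cisco: a small Python model of the evaluation rules described above (first matching sequence wins, unmatched traffic falls to the default action). The prefixes, packets and the names Sequence, evaluate and POLICY are constructed for illustration, and only four of the six match fields are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Sequence:
    number: int
    action: str                       # "accept" or "drop"
    src_prefix: str = "0.0.0.0/0"     # unset fields match any value
    dst_prefix: str = "0.0.0.0/0"
    protocol: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src_prefix)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst_prefix)
                and self.protocol in (None, pkt["proto"])
                and self.dst_port in (None, pkt["dport"]))

def evaluate(sequences, pkt, default_action="drop"):
    """Return (action, matching sequence number or None) for one packet."""
    # Sequences are evaluated from the lowest number to the highest.
    for seq in sorted(sequences, key=lambda s: s.number):
        if seq.matches(pkt):
            return seq.action, seq.number   # first match wins, evaluation stops
    return default_action, None             # nothing matched: default action

# Constructed policy: block Telnet from one prefix, accept its other traffic.
POLICY = [
    Sequence(10, "drop", src_prefix="10.20.0.0/16", protocol=6, dst_port=23),
    Sequence(20, "accept", src_prefix="10.20.0.0/16"),
]

# Constructed sample packets.
TELNET = {"src": "10.20.1.5", "dst": "10.1.1.1", "proto": 6, "dport": 23}
HTTPS = {"src": "10.20.1.5", "dst": "10.1.1.1", "proto": 6, "dport": 443}
OTHER = {"src": "10.30.1.5", "dst": "10.1.1.1", "proto": 6, "dport": 443}

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET), ("https", HTTPS), ("other", OTHER)):
        print(name, evaluate(POLICY, pkt), evaluate(POLICY, pkt, "accept"))
```

Traffic from 10.30.1.5 matches neither sequence, so it is dropped unless the default action is set to accept. If the broad accept sequence were numbered lower than the Telnet drop, it would match first and the drop would never be reached.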

Policer Parameters

To configure policing parameters, configure a policer, which defines the maximum bandwidth and burst rate for traffic on an interface and what to do if traffic exceeds these values.

