SD-WAN Centralized & Localized Control Policy Overview

Posted on Jan 27, 2020

Default Behavior without Centralized Control Policy:

By default, no centralized control policy is provisioned until one is configured and applied. Without a centralized policy, the Viptela control plane devices behave as follows:

  • Each vEdge router sends the route prefixes it learns from its local site network to the vSmart controller via OMP. If a vEdge has DTLS connections to multiple vSmart controllers, it sends the OMP information to all of them.
  • Each vEdge router sends all of its TLOC routes to the vSmart controllers in its domain via OMP.
  • Each vEdge router sends all of its service routes to all vSmart controllers via OMP.
  • The vSmart controller accepts all three route types into its route table and tracks the OMP, TLOC and service routes to determine which VPN they belong to. From this information it builds the network topology map and determines the routing path for data traffic.
  • The vSmart controller redistributes all routes in a particular VPN to all vEdge routers in the same VPN.
  • vEdge routers regularly send route updates to the vSmart controller.
  • The vSmart controller recalculates the routing path, updates its routing table and advertises new and changed routing information to all vEdge routers.

How Behavior Changes with Centralized Control Policy

Centralized control policies are required in the following scenarios:

  • When not all routes are to be advertised to all vEdge routers
  • When route information must be modified before the vSmart controller advertises it

Once this policy is configured, it is activated by applying it to specific sites in the overlay network, in either the inbound or the outbound direction with respect to the vSmart controller.

When the policy is applied in the inbound direction, routes are filtered or modified before they are placed in the vSmart controller's route table. Accepted routes are installed in the vSmart route table either as received or as modified by the control policy.

When the policy is applied in the outbound direction, accepted routes are modified by the control policy before the vSmart controller distributes them; routes rejected by the outbound policy are not advertised.

Examples of Modifying Traffic Flow with Centralized Control Policy

Let's see some examples of centralized control policy:

Example 1: Create an Arbitrary Topology:

Let’s see the example from the diagram first:

Here there are two sites, West and East, and each site holds the reachability information needed to reach the other. The route table on the West vEdge router contains a route to vEdge East with a destination TLOC of, color gold ({, gold}), and the vEdge East route table has a route to the West branch with a destination TLOC of {, gold}. Currently no control policy is provisioned.

Now suppose a hub-and-spoke topology is required, so that each branch sends its traffic to the hub and the hub forwards it to the other spoke. For that, a centralized control policy is provisioned. Once it is in place, the routing changes: on the West vEdge router, the destination TLOC changes from {, gold} to {, gold}, and on the East router, the policy changes the destination TLOC from {, gold} to the hub's TLOC, {, gold}.
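
A minimal model of the inbound and outbound behavior described above, using the hub-and-spoke TLOC rewrite from Example 1 (an added example, not code from the original post or from Cisco). The system IPs, prefixes, and the names `OmpRoute`, `VSmart`, `via_hub` and `simulate` are assumptions made for illustration; the model also assumes a route is not advertised back to its originating site.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class OmpRoute:
    prefix: str
    site_id: int   # site that originated the route
    tloc: tuple    # (system IP, color)

# Constructed sample values; the page does not give the TLOC addresses.
HUB_TLOC = ("10.0.0.100", "gold")
WEST = OmpRoute("10.1.0.0/16", 1, ("10.0.0.1", "gold"))
EAST = OmpRoute("10.2.0.0/16", 2, ("10.0.0.2", "gold"))

def via_hub(route):
    """Accept the route and set its destination TLOC to the hub's."""
    return replace(route, tloc=HUB_TLOC)

def reject(route):
    """Reject the route: it is neither installed nor advertised."""
    return None

def accept(route):
    """Default behavior with no policy: accept unchanged."""
    return route

class VSmart:
    def __init__(self, inbound=None, outbound=None):
        self.inbound = inbound or {}    # site_id -> policy for routes FROM that site
        self.outbound = outbound or {}  # site_id -> policy for routes TO that site
        self.table = []

    def receive(self, route):
        # Inbound policy runs before the route enters the vSmart route table.
        result = self.inbound.get(route.site_id, accept)(route)
        if result is not None:
            self.table.append(result)

    def advertise(self, to_site):
        # Outbound policy shapes what is sent; the route table is not touched.
        policy = self.outbound.get(to_site, accept)
        sent = (policy(r) for r in self.table if r.site_id != to_site)
        return [r for r in sent if r is not None]

def simulate(inbound=None, outbound=None):
    """Feed both branch routes to a vSmart; return (route table, routes sent to site 1)."""
    vsmart = VSmart(inbound, outbound)
    for route in (WEST, EAST):
        vsmart.receive(route)
    return vsmart.table, vsmart.advertise(to_site=1)
```

Comparing `simulate(outbound={1: via_hub, 2: via_hub})` with `simulate(inbound={1: via_hub, 2: via_hub})` shows the difference in where the rewrite lands: the branches see the hub TLOC in both cases, but only the inbound variant changes what the vSmart itself stores.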

Example 2: Set Up Traffic Engineering

Control policy also helps with traffic engineering. Suppose two vEdge routers act as hubs and the requirement is that data traffic destined to a branch vEdge router always transits one of the hub vEdge routers.

Site ID 100 has two hub vEdge routers, one on the West side of the network and a second on the East side. The requirement is for data traffic from the West vEdge branch router to be handled by the West vEdge hub, and for data traffic from the East vEdge branch router to go through the East vEdge hub.

Here two control policies are provisioned, one for Site ID 1, the West vEdge branch router, and a second one for Site ID 2. The control policy for Site ID 1 changes the TLOC for traffic destined to the East vEdge router to {, gold}, and the control policy for Site ID 2 changes the TLOC for traffic destined for Site ID 1 to {, gold}. One additional effect of this traffic engineering policy is that it load-balances the traffic traveling through the two vEdge hub routers.

Localized Control Policy

Localized control policy is always configured on the vEdge router, and it affects BGP and OSPF routing decisions on the site-local network.

Apart from this, the vEdge router is also connected to another network at the local site via another router, and a routing protocol such as BGP or OSPF is configured to exchange routing information between them. To control and modify routing behavior on the local network, another policy, called a route policy, is configured on vEdge routers. It applies only to the routing protocols running at the local branch and affects only route table entries in the vEdge routing table.

