EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USSD-WAN Centralized & Localized Data Policy
SD-WAN Centralized & Localized Data Policy
Centralized Data Policy Overview:
Data Policy affects the data traffic and works on data plane of any Viptela Overlay network. There are two types of data policy:
- Centralized Data policy
- Localized Data policy
These Centralized data policy works on data plane based on IP header field in data packet on network whereas localized data policy controls traffic flow from in and out of router interface and its queues on vEdge router.
Centralized data policy is applied to packet that originates from specific sender, source Address and it controls which destination with in VPN the traffic can reach. Data policy is applied to data traffic based on 6 tuple in P packet header (IP header, Source IP, Source Port, Destination IP, Destination Port, DSCP, and Protocol)
Centralized Data policy is provisioned on vEdge router and is never pushed on vEdge router. Only the effects or decision of data policy is pushed on vEdge router. Data Policy results that is received from vSmart is applied only in inbound direction.
Effect of Centralized data policy Results Example:
- Which set of source are allowed to send data traffic to outside destination from local site.
- Which set of source are allowed to send data traffic to specific set of outside destination from local site.
- Which set of source with source port are allowed to send data traffic to any outside destination from local site.
VPN Membership Policy
It is a second type of Centralized data policy method, where it controls weather vEdge router will participate in particular VPN or not.
A VPN membership policy can be centralized as it affects only on packet header and has no impact on choice of interface that vEdge router uses to transmit the traffic. It is due to this policy, a vEdge router is not allowed to receive any prefix from particular VPN and vSmart will never forward those prefixes to that router.
Deep Packet Inspection:
As Centralized policy uses 6 tuple, it is also used to examine the application information in payload of data packet. Due to this deep inspection of any packet payload, it helps in controlling how data packet from specified source or set of source are forwarded to Viptela network. This will also help in controlling to send specific application traffic over specific tunnel based on jitter, delay, latency.
Localized Data Policy:
Localized data policy controls traffic flow from in and out of router interface and its queues on vEdge router. These policies are provisioned on vEdge router and affects how specific interface on vEdge router will handle traffic that means receiving and sending.
It is also said to be ACLs through which COS is applied which further classify the traffic and based on classification traffic is prioritize for different classes and Queues.
Some example of Localized Data policy:
Explicit & Implicit Access list: Any access-list configured by Localized data policy are said as Explicit ACL and these ACL can be applied in any VPN on the router.
A another type of ACL called implicit ACL also referred as Services, applied on router tunnel interface, and on Router tunnel interface following services are enabled by default like DHCP , DNS, ICMP etc and can be disabled.
QOS Actions: From Localized Data policy, QOS can be applied which allow you to classify data traffic based on priory and then send to different interface Queue and also control the rate through which these traffic are transmitted.
Mirror Data Packets : Access-list are used to classify the data traffic , and as soon as data traffic is classified , these data traffic copy is send to another interface for data packet mirroring and Cisco Viptela supports 1:1 mirroring which means a copy of every packet is sent to alternate destination.
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.