EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USSD-WAN Viptela Policy Overview
SD-WAN Viptela Policy Overview
In Cisco Viptela, Policy influences data flow traffic between vEdge routers, In Viptela Policy it comprises of following:
- Routing policy: This policy affects the flow of routing information in control plane
- Data Policy: This policy affects the flow of data traffic in data plane
In Cisco Viptela network, policies are applied either on control plane or data plane traffic and are configured centrally on vSmart or locally on vEdge routers.
Below figure, distinguish between control and data policy and which further divides in to centralized or localized policy.
Each policy based on its configuration is categorized in two parts:
Basic Policy: These types of policy includes standard policy task such as managing traffic path , permit and block traffic based on address , ports etc , enabling class of service , monitoring , policing etc.
Advance Policy: These policy includes some advance configuration and offer specialized policy-based application. Such as:
- Service Chaning
- Application Aware Routing
- Cflowd for traffic monitoring
- Converting vEdge device to NAT
By default, no policy is configured on Viptela devices either on vSmart or vEdge. In start if there is no policy:
- All routing information is propagated by OMP from vEdge to vSmart and vSmart then share it to all other vEdge unpoliced.
- No BGP and OSPF route are there to affect route information that vEdge router propagate within local site network.
Centralized Policy:
Those policy which are provisioned on vSmart controllers in Viptela Overlay network, and it has two following components.
Centralized Control Policy: This policy is configured on vSmart controller and which applies to routing traffic and affects information stored on vSmart controller route table which has to be further advertised to vEdge Router. These Policies are only present on vSmart controller and never pushed to vEdge routers.
Centralized Data Policy: These policies applies to data traffic flow throughout VPN and it can permit and restrict access based on either 6 tuple match ( source & Destination IP , ports , DSCP, protocol , VPN membership ) , these policies are pushed to affected vEdge routers.
Localized policy:
Localized policies are those policies that are applied locally on the VEdge routers on overlay network. Localized policy are further divided in to two parts:
Localized Control policy: These Localized control policy also called route policy and affects BGP and OSPF routing behavior on site local network.
Localized data policy: This policy provision access-list and applies to specific interface or interfaces on the vEdge router. Any access will be allowed or restricted based on 6 tuple match (source & Destination IP address, Ports, DSCP Field and protocol).
Access-List allow provision of COS, Policing, and mirroring and control how data traffic will flow in and out from interfaces.
Control and Data Policy
Let’s see how control and data policy works one by one.
Control Policy: These policies work on routes or routing information in Control plane of overlay network. As soon as vEdge route send the control plane information to vSmart controller over DTLS to TLS tunnel, Centralized policy determines which routes and route information should be placed in to centralized route table on vSmart and which routes and route information should be advertised to vEdge routers in overlay network.
Each vEdge router send these there OMP routes to Vsmart controller and by which vSmart controller determines the network topology.
- OMP routes
- TLOC routes
- Service Routes
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.