
Lab 10.1: Policy influences data flow traffic


Configuration

In Cisco Viptela, policy influences the flow of data traffic between vEdge routers. Viptela policy comprises the following:

Routing policy: affects the flow of routing information in the control plane.

Data policy: affects the flow of data traffic in the data plane.

In a Cisco Viptela network, policies are applied either to control plane or to data plane traffic, and are configured either centrally on the vSmart controller or locally on the vEdge routers.

The figure below distinguishes control policy from data policy, each of which is further divided into centralized and localized policy.

[Figure: control policy vs. data policy, each split into centralized and localized policy]



Based on its configuration, each policy falls into one of two categories:

Basic policy: standard policy tasks such as managing traffic paths, permitting or blocking traffic based on addresses, ports, etc., enabling class of service, monitoring, and policing.

Advanced policy: more involved configuration that offers specialized policy-based applications, such as:

Service chaining

Application Aware Routing

Cflowd for traffic monitoring

Converting a vEdge device to NAT


Note: By default, no policy is configured on Viptela devices, either on vSmart or on vEdge. With no policy in place:

All routing information is propagated by OMP from the vEdge routers to vSmart, and vSmart then shares it with all other vEdge routers without any policy applied.

Centralized and Localized Policy

The Viptela policy software design provides a clear separation between centralized and localized policy. In short, centralized policy is provisioned on the centralized vSmart controllers in the overlay network, and localized policy is provisioned on the vEdge routers, which sit at the network edge between a branch or enterprise site and a transport network, such as the Internet, MPLS, or metro Ethernet.

Centralized Policy:

Control policy, which affects the overlay network–wide routing of traffic

Data policy, which affects the data traffic flow throughout the VPN segments in the network

Localized Policy:

Localized control policy, which is also called route policy, affects the BGP and OSPF routing behavior on the site-local network.

Examples: ACLs, route policy (controlling data traffic in and out), QoS, and cflowd (similar to NetFlow).

Control and Data Policy:

The Viptela network policy design provides a clean separation between control policy and data policy, to align with the network architecture in which the control and data planes are cleanly separated. Control policy is the equivalent of routing protocol policy, and data policy is equivalent to what are commonly called access control lists (ACLs) and firewall filters.

Centralized control policy affects the OMP routes that are distributed by the vSmart controller throughout the overlay network. The vSmart controller learns the overlay network topology from OMP routes that are advertised by the vEdge routers over the OMP sessions inside the DTLS or TLS connections between the vSmart controller and the routers. (The DTLS connections are shown in orange in the figure.)



Three types of OMP routes carry the information that the vSmart controller uses to determine the network topology:

Viptela OMP routes, which are similar to IP route advertisements, advertise routing information that vEdge routers have learned from their local site and the local routing protocols (BGP and OSPF) to the vSmart controller. These routes are also referred to as OMP routes or vRoutes.

TLOC routes carry overlay network–specific locator properties, including the IP address of the interface that connects to the transport network, a link color, which identifies a traffic flow, and the encapsulation type. (A TLOC, or transport location, is the physical location where a vEdge router connects to a transport network. It is identified primarily by IP address, link color, and encapsulation, but a number of other properties are associated with a TLOC.)

Service routes advertise the network services, such as firewalls, available to VPN members at the vEdge router's local site.




Note: Because the vSmart controller's role is to be the centralized routing system in the network, vEdge routers can never modify the OMP route information that they learn from the vSmart controllers.

A type of centralized control policy called service chaining allows data traffic to be routed through one or more network services, such as firewall, load balancer, and intrusion detection and prevention (IDP) devices, en route to its destination.
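As an added illustration (not configuration from this lesson), the following shows how the two route types above come together in a service-chaining control policy: the hub vEdge advertises a firewall as a service route in VPN 10, and the vSmart controller applies a centralized control policy that rewrites the hub's VPN 10 routes sent to the branch sites so that branch traffic is steered through that firewall. All names, site IDs and addresses are assumed.

```text
! Hub vEdge (site-id 1): advertise the firewall as a service route in VPN 10
! (10.10.10.2 is the assumed inside address of the firewall at the hub)
vpn 10
 service FW address 10.10.10.2
!
! vSmart: centralized control policy applied outbound to the branch sites
policy
 lists
  site-list branch-sites
   site-id 100-199
  site-list hub-site
   site-id 1
  vpn-list vpn10
   vpn 10
 control-policy route-vpn10-via-fw
  sequence 10
   ! match only the OMP routes originated by the hub in VPN 10
   match route
    vpn-list vpn10
    site-list hub-site
   ! accept them, but attach the FW service so branch traffic to these
   ! prefixes is forwarded to the firewall before reaching the hub LAN
   action accept
    set
     service FW vpn 10
  ! everything else is left untouched
  default-action accept
!
apply-policy
 site-list branch-sites
  control-policy route-vpn10-via-fw out
```

Because the modification happens on vSmart before the routes are redistributed, the branch vEdge routers simply install what they receive, which is the behaviour the note above describes.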



Consolidation of Control and Data Policy: