Part 2: Cisco SD-WAN Centralized and Localized Policies Exam Prep Series (ENSDWI) 300 - 415
Policies are the mechanism through which the network administrator configures the SD-WAN overlay network to meet business requirements. In simple words, the fabric is built automatically in a default way, and if this default behavior needs to be changed, you need policies. One such example is the overlay network topology: it is full mesh by default, and if you need to change it to hub-and-spoke or partial mesh, you need a policy.
Types of policies
On a high level there are two types of policies: centralized policies and localized policies.
- Centralized policies are those that affect the complete SD-WAN overlay network; their impact can be network-wide.
- Localized policies are those that affect an individual site/device in the network, which may or may not be part of the overlay network.
Centralized policies are further classified as control policies and data policies.
2. Centralized Data Policies:
Used to manipulate the data plane directly by altering the forwarding of traffic through the SD-WAN overlay network. In the vManage GUI, a data policy is also referred to as a traffic policy.
Examples of data policy are: traffic data policies [DIA, network service insertion, packet duplication and FEC], application-aware routing [traffic is always transported across the links that meet a minimum SLA] and cflowd policy [flow record export, making flow information available for analysis].
Fig 1.1 - Cisco Viptela SD-WAN: Centralized Policies
Activating the Centralized Policy:
vManage is the centralized platform used to configure the entire SD-WAN fabric. All management, monitoring, configuration and troubleshooting are performed here, and policy configuration is no exception. Once a centralized policy is built in vManage, it needs to be activated. When the policy is activated, vManage writes it to the vSmart controllers (because vSmart is the control plane that centrally manages the fabric), using NETCONF to push the configuration from vManage to vSmart. From that point the policy is a persistent part of the vSmart configuration, and vSmart enforces it by pushing the relevant data-policy sections to the WAN Edge routers in the sites it applies to.
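As an added example (not taken from the original page or from Cisco documentation), the following is what a centralized data policy for direct internet access (DIA) looks like in the vSmart CLI once vManage has activated it. The list names, VPN number, site-id range and prefixes are assumptions chosen for illustration; the structure (lists, a data-policy with matched sequences, and an apply-policy that binds it to a site-list with a direction) is the standard vSmart policy syntax.

```cisco
policy
 lists
  site-list branch-sites
   site-id 100-199
  !
  vpn-list service-vpn-10
   vpn 10
  !
  data-prefix-list corporate-prefixes
   ip-prefix 10.0.0.0/8
  !
  data-prefix-list any-destination
   ip-prefix 0.0.0.0/0
  !
 !
 data-policy branch-dia
  vpn-list service-vpn-10
   sequence 10
    match
     destination-data-prefix-list corporate-prefixes
    !
    action accept
    !
   !
   sequence 20
    match
     destination-data-prefix-list any-destination
    !
    action accept
     nat use-vpn 0
    !
   !
   default-action accept
  !
 !
!
apply-policy
 site-list branch-sites
  data-policy branch-dia from-service
 !
!
```

Sequences are evaluated top-down with first match, so sequence 10 keeps traffic destined to corporate prefixes on the overlay, and sequence 20 catches everything else and breaks it out locally through the NAT interface in VPN 0 (DIA). The `from-service` direction applies the policy to traffic entering the WAN Edge from the LAN (service) side. A practical check after activation is `show running-config policy` and `show running-config apply-policy` on vSmart to confirm the policy landed, and `show policy from-vsmart` on a WAN Edge in the site-list to confirm the router actually received it.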
Localized Policy
Similar to centralized policies, localized policies can be used to modify the control and data plane. However, their scope is limited to a single WAN Edge router.
- Quality of Service – configured on the WAN Edge router to perform shaping, policing, congestion avoidance and congestion management.
- Access Lists – access control lists that filter traffic at the interface level. They can also be used to mark or remark traffic for the QoS configuration.
- Security Policies – the security features on SD-WAN, such as the application-aware firewall, IPS, URL filtering, AMP and DNS security, are part of localized data policy.
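As an added example (not from the original page or from Cisco's own documentation), here is a localized policy on a vEdge (Viptela OS) WAN Edge that ties the first two bullets together: an access list classifies inbound LAN traffic into a QoS class, and a QoS map on the WAN interface schedules that class. Class, scheduler, map and list names, the bandwidth and buffer percentages, and the VPN and interface numbers are assumptions for illustration. IOS XE SD-WAN routers express the same policy in different CLI syntax, normally generated from vManage feature templates rather than typed by hand.

```cisco
policy
 class-map
  class VOICE queue 0
  class BEST-EFFORT queue 2
 !
 qos-scheduler voice-scheduler
  class VOICE
  bandwidth-percent 20
  buffer-percent 20
  scheduling llq
  drops tail-drop
 !
 qos-scheduler best-effort-scheduler
  class BEST-EFFORT
  bandwidth-percent 80
  buffer-percent 80
  scheduling wrr
  drops red-drop
 !
 qos-map wan-qos
  qos-scheduler voice-scheduler
  qos-scheduler best-effort-scheduler
 !
 access-list classify-lan
  sequence 10
   match
    dscp 46
   !
   action accept
    class VOICE
   !
  !
  default-action accept
 !
!
vpn 10
 interface ge0/1
  access-list classify-lan in
 !
!
vpn 0
 interface ge0/0
  qos-map wan-qos
 !
!
```

The access list is applied inbound on the service-VPN (LAN) interface, where it can see the original DSCP marking and assign the class; the QoS map is applied on the transport (VPN 0) interface, where queuing actually happens. Traffic the access list does not classify falls into queue 2 by default, so the best-effort scheduler still covers it, and the scheduler percentages must add up to no more than 100 for the map to be valid.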
Anyone preparing for the exam should have a fair understanding of the different types of SD-WAN policies, how they are enforced and how they are configured. For more information about policies, refer to the Cisco documentation:
- Policy Basics
- Cisco SD-WAN Policy Framework
- Control Policies
- Data Policies
- App-Aware Routing
- Service Chaining