Latest

Home / Cisco / Viptela SDWAN / Cisco Viptela SDWAN : Configuration Procedure for Cflowd Routing Policy via CLI

Cisco Viptela SDWAN : Configuration Procedure for Cflowd Routing Policy via CLI

August 06, 2021 ,

Earlier in our article we talked about configuring cflowd policy through vManage. Now we will talk about the other way of configuring the cflowd policy via CLI. vManage is an orchestration to push the configurations to device through vSmart. 

Fig 1.1- Cisco Viptela SDWAN

So these all policies should be defined on the vSmart controller and vSmart controller is the brain to kept all these policies. Configuring a cflowd centralized data policy to perform traffic monitoring and to export traffic flows to a collector

Step 1: Create a list of overlay network sites to which the cflowd centralized data policy is to be applied

Step 2: Create a list of VPN for which the cflowd centralized data policy is to be configured

Step 3: Create lists of IP prefixes

Step 4: Configure a cflowd template, and optionally, configure template parameters, including the location of the cflowd collector, the flow export timers, and the flow sampling interval

NDNA_vSmart(config)# policy cflowd-template template-name 
NDNA_vSmart(config-cflowd-template- template-name)# collector vpn vpn-id address ip-address port port-number transport-type (tcp/udp) source-interface interface-name
NDNA_vSmart(config-cflowd-template- template-name )# flow-active-timeout seconds 
NDNA_vSmart(config-cflowd-template- template-name )# flow-inactive-timeout seconds 
NDNA_vSmart(config-cflowd-template- template-name )# flow-sampling-interval number 
NDNA_vSmart(config-cflowd-template- template-name )# template-refresh seconds

Step 5: If you configure a logging action, configure how often to log packets to the syslog files

NDNA_vEdge(config)# policy log-frequency number

Step 6: Create a data policy instance and associate it with a list of VPNs: 

NDNA_vSmart(config)# policy data-policy policy-name 
NDNA_vSmart(config-data-policy- policy-name )# vpn-list list-name

Step 7. Create a sequence to contain a single match–action pair: 

NDNA_vSmart(config-vpn-list- list-name )# sequence number 

Step 8. Define match parameters for the data packets: 

NDNA_vSmart(config-sequence- number )# match parameters

Step 9. In the action, enable cflowd: 

NDNA_vSmart(config-sequence- number )# action cflowd

Step 10. In the action, count or log data packets: 

NDNA_vSmart(config-sequence- number )# action count counter-name 
NDNA_vSmart(config-sequence- number )# action log

Step 11. Create additional numbered sequences of match–action pairs within the data policy, as needed.

Step 12. If a route does not match any of the conditions in one of the sequences, it is rejected by default. If you want nonmatching prefixes to be accepted, configure the default action for the policy: 

NDNA_vSmart(config- policy-name )# default-action accept

Step 13. Apply the policy and the cflowd template to one or more sites in the overlay network: 

NDNA_vSmart(config)# apply-policy site-list list-name data-policy policy-name 
NDNA_vSmart(config)# apply-policy site-list list-name cflowd-template template-name