Cisco Viptela SDWAN: Configure Split DNS with a Centralized Data Policy through CLI
This article covers split DNS and its configuration in a Cisco Viptela SD-WAN environment. Split DNS is part of application-aware routing: when a vEdge or cEdge router sends application traffic to, and receives it from, a service VPN, it performs a Domain Name System (DNS) lookup to determine how to reach the server for that application.
A site usually has several WAN connections. If the router has no direct reachability to the internet, it forwards DNS queries to a router that does, and that router determines how to reach the application's server. Alternatively, a vEdge/cEdge router can be configured as a Direct Internet Access (DIA) exit and perform the DNS lookups over the internet itself. This requires a policy that configures split DNS for the applications of interest, so that only the DNS traffic for those applications leaves through the local exit while everything else keeps its normal path.
A split DNS policy can be created either as a centralized data policy or as an application-aware routing policy.
Fig 1.1 - Centralized Policy for Split DNS
This article configures the split DNS policy through the CLI as a centralized data policy. Configuring it as an application-aware routing policy is covered in a separate article.
Configure Split DNS with a Centralized Data Policy
Step 1: Create a site list for the policy. Because this is a centralized policy, it is configured on the vSmart controller:
NDNA_vSmart(config)# policy
NDNA_vSmart(config-policy)# lists site-list NDNA (NDNA is the site-list name used here)
NDNA_vSmart(config-site-list-NDNA)# site-id 100-105 (100-105 covers the sites with site IDs 100, 101, 102, 103, 104 and 105)
Step 2: Create a list of the applications or application families for which split DNS should be enabled. The data policy matches DNS traffic against this list:
NDNA_vSmart(config)# policy lists
NDNA_vSmart(config-lists)# app-list NDNA
NDNA_vSmart(config-app-list-NDNA)# app-family GCP-apps (use app <application> for a single application or app-family <family> for a family; GCP-apps stands for the applications to be matched)
Step 3: Create a VPN list naming the service VPNs to which the split DNS policy applies:
NDNA_vSmart(config)# policy lists
NDNA_vSmart(config-lists)# vpn-list NDNA
NDNA_vSmart(config-vpn-list-NDNA)# vpn 10 (service VPN 10 is the only VPN covered by this policy)
Step 4: Create a data policy instance and associate it with the VPN list:
NDNA_vSmart(config)# policy data-policy NB
NDNA_vSmart(config-data-policy-NB)# vpn-list NDNA
Step 5: Inside the policy, create match-action sequences that select the DNS traffic of the listed applications. The match is on the DNS transaction itself, not on the application's data traffic:
NDNA_vSmart(config-vpn-list)# sequence 11
NDNA_vSmart(config-sequence-11)# match dns-app-list NDNA (matches DNS packets whose query name belongs to an application in the list)
NDNA_vSmart(config-sequence-11)# match dns (request | response) (request matches the client's DNS queries, response matches the replies; a full configuration needs one sequence for each direction)
Step 6: Accept the matching packets, optionally counting and logging them, enable the local internet exit, redirect the DNS resolution, and set the default action for everything that does not match:
NDNA_vSmart(config-sequence-11)# action accept count NB1 (NB1 is a counter name; add action accept log to log matches as well)
NDNA_vSmart(config-sequence-11)# action accept nat use-vpn 0 (sends the DNS query out the local DIA exit in transport VPN 0; an optional NAT pool is selected with nat pool <number>)
NDNA_vSmart(config-sequence-11)# action accept redirect-dns host (resolves with the DNS server configured on the router; redirect-dns <dns-ip-address> sends the query to a specific resolver instead)
NDNA_vSmart(config-data-policy-NB)# default-action accept (traffic that matches no sequence is forwarded unchanged)
Note that the policy only takes effect once it is applied to the site list with apply-policy; until then it is stored on the vSmart but not pushed to any edge router.
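The steps above, assembled into one complete configuration as an added example (this is not taken from the article or from Cisco's documentation; it is the configuration I would push for this design). It is shown in the hierarchical form that show running-config policy prints on the vSmart, so it can be pasted in configuration mode. The names NDNA, NB and NB1, the site range 100-105, VPN 10 and the GCP-apps family are the page's placeholders. Two things are my own choices rather than the page's: a second sequence (21) that matches the DNS responses for the same applications, so the replies from the local resolver are handed back to the client the same way the queries left, and the apply-policy line with direction from-service, which applies the policy to traffic entering the router from the service VPN. Lines beginning with ! are annotations.

```text
! Added example: full split DNS centralized data policy for the NDNA sites.
! Names, site IDs and VPN number are placeholders from the article; sequence 21
! and the apply-policy direction are assumptions of this example.
policy
 lists
  site-list NDNA
   site-id 100-105
  !
  app-list NDNA
   app-family GCP-apps
  !
  vpn-list NDNA
   vpn 10
  !
 !
 data-policy NB
  vpn-list NDNA
   sequence 11
    match
     dns-app-list NDNA
     dns request
    !
    action accept
     count NB1
     nat use-vpn 0
     redirect-dns host
    !
   !
   sequence 21
    match
     dns-app-list NDNA
     dns response
    !
    action accept
     count NB1
     redirect-dns host
    !
   !
   default-action accept
  !
 !
!
apply-policy
 site-list NDNA
  data-policy NB from-service
 !
!
```

Two checks are worth doing after the commit. First, confirm the policy actually reached an edge in the site list: show policy from-vsmart on a vEdge, or show sdwan policy from-vsmart on a cEdge, should list data-policy NB with both sequences; if it is missing, the apply-policy block was not committed or the site ID is outside 100-105. Second, generate a lookup for one of the listed applications from a host in VPN 10 and watch the NB1 counter increase in show policy data-policy-filter (show sdwan policy data-policy-filter on a cEdge). The security point to keep in mind is that every query matched by sequence 11 now leaves the branch in clear text through VPN 0 and is answered by the router's configured resolver instead of the data-center resolver, so whatever DNS logging or filtering exists only at the hub no longer sees those queries; keep the app-list tight and keep the default action at accept so that unmatched DNS keeps its original path.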