Latest

Home / Cisco / Viptela SDWAN / Cisco Catalyst SDWAN: Inbound Vs Outbound Control Policy

Cisco Catalyst SDWAN: Inbound Vs Outbound Control Policy

January 11, 2024 ,

Cisco Catalyst SDWAN: Inbound Vs Outbound Control Policy

Amazon.com Best Deals Toys     ⭐Amazon.com Best Deals Health
Amazon.com Best Deals Electronics  ⭐Amazon.com Best Deals Video Games

Cisco Catalyst SD-WAN so called Software Defined WAN solution, where control plane or management plane is separated from the physical devices, while in the Viptela solution we have following architecture, where we have data-plane on the physical devices (obviously), Control Plane by VSmart or VBond Management tool, Management Plane via VManage and Orchestration.

As per the new changes from Cisco, Below are the new names of the components

  • Cisco vManage is now Cisco Catalyst SD-WAN Manager
  • Cisco vBond is now Cisco Catalyst SD-WAN Validator
  • Cisco vSmart is now Cisco Catalyst SD-WAN Controller

Cisco WAN Edge routers exchange OMP updates with the vSmart controllers on a regular basis. These OMP upgrades include vRoutes, TLOCs, and Service routes. When a vSmart controller receives an OMP route from a vEdge, it uses the OMP best-path algorithm to update its routing database. All other WAN edge routers are then informed of the optimum paths.

A Control policy checks OMP updates and can change the properties in updates that meet the policy. Control policies are always applied to a site list in a directive manner.

Control Policies can be implemented in either an inbound or outward way. In many circumstances, network requirements can be met by implementing a control policy in either direction. However, the consequence of an inbound control policy differs significantly from that of an outward control policy.

Cisco SDWAN Outbound Vs Inbound Control Policy
Fig 1.1- Outbound Vs Inbound Control Policy

 ⭐ Cisco SDWAN Outbound Control Policy

Lets talk about the outbound policy and how it impacts the edge devices in the Cisco Catalyst SD-WAN fabric environment.

  • The policy is always directed by the vSmart controller. Outbound means that the policy matches and updates attributes in OMP advertising from vSmart to vEdges/cEdges.
  • The policy is applied to site-list SITE-B, which means that only OMP advertisements sent to WAN edge devices with Site-IDs specified in the SITE-B list are processed against the policy.
  • In the policy, sequence 1 match route indicates that this sequence solely matches and updates vRoutes (not TLOCS or Service routes).
  • The action accept indicates that the vRoutes that match the statement will be routed to site-2.
  • When preference 90 is set, the OMP Preference attribute of the matched vRoutes is changed to 90 (the default is 0).
  • It is important to note that the default action is accept (it is refuse by default). We do not plan to filter any routes or tlocs, but rather to change route properties.

 ⭐ Cisco SDWAN Inbound Control Policy

Lets talk about the inbound policy and how it impacts the edge devices in the Cisco Catalyst SD-WAN fabric environment.

  • The policy's direction is always determined by the vSmart controller. Inbound signifies that the policy matches and adjusts attributes in OMP updates before they enter the controller's OMP RIB (routing information base). Site-list is subject to the policy.
  • In the policy itself, sequence 1 match route means that this sequence matches and modifies only vRoutes (and not TLOCS or Service routes)
  • The action accept means that the vRoutes that are matched in the statement will be inserted in the RIB of the controller
  • Set preference 90 means that the OMP Preference attribute of the vRoutes that are matched will be changed to 90 (default is 0) before the vRoutes are inserted in the RIB of the controller.

Outbound vs inbound cisco sdwan control policy
Fig 1.2- Outbound Vs Inbound Control Policy

All Cisco vSmart Controller policies are configured on the Cisco vEdge/cEdge devices, using a combination of policy definition and lists. All Cisco vSmart Controller policies are also applied on the Cisco vEdge/cEdge devices, with a combination of apply-policy and lists.

Continue Reading...